G0044 Winnti Group
Description
[Winnti Group](https://attack.mitre.org/groups/G0044) is a threat group with Chinese origins that has been active since at least 2010. The group has heavily targeted the gaming industry, but it has also expanded the scope of its targeting.(Citation: Kaspersky Winnti April 2013)(Citation: Kaspersky Winnti June 2015)(Citation: Novetta Winnti April 2015) Some reporting suggests a number of other groups, including [Axiom](https://attack.mitre.org/groups/G0001), [APT17](https://attack.mitre.org/groups/G0025), and [Ke3chang](https://attack.mitre.org/groups/G0004), are closely linked to [Winnti Group](https://attack.mitre.org/groups/G0044).(Citation: 401 TRG Winnti Umbrella May 2018)
References
- https://attack.mitre.org/groups/G0044
- http://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates
- https://401trg.github.io/pages/burning-umbrella.html
- https://securelist.com/winnti-more-than-just-a-game/37029/
- https://web.archive.org/web/20150412223949/http://www.novetta.com/wp-content/uploads/2015/04/novetta_winntianalysis.pdf
- https://securelist.com/games-are-over/70991/
Software attributed to this · 2
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Software | Winnti for Linux (S0430) | 100% | live |
| Software | Winnti for Windows (S0141) | 95% | live |