S0141Windows

S0141Winnti for Windows

Platforms
1
ATT&CK
14.1
References
6

Description

[Winnti for Windows](https://attack.mitre.org/software/S0141) is a modular remote access Trojan (RAT) that has been used likely by multiple groups to carry out intrusions in various regions since at least 2010, including by one group referred to as the same name, [Winnti Group](https://attack.mitre.org/groups/G0044).(Citation: Kaspersky Winnti April 2013)(Citation: Microsoft Winnti Jan 2017)(Citation: Novetta Winnti April 2015)(Citation: 401 TRG Winnti Umbrella May 2018). The Linux variant is tracked separately under [Winnti for Linux](https://attack.mitre.org/software/S0430).(Citation: Chronicle Winnti for Linux May 2019)

Platforms· 1

Windows

Attributed to1

TypeTargetConfidenceTier
GroupWinnti Groupg004495%live

References

  1. https://attack.mitre.org/software/S0141
  2. https://blogs.technet.microsoft.com/mmpc/2017/01/25/detecting-threat-actors-in-recent-german-industrial-attacks-with-windows-defender-atp/
  3. https://medium.com/chronicle-blog/winnti-more-than-just-windows-and-gates-e4f03436031a
  4. https://401trg.github.io/pages/burning-umbrella.html
  5. https://securelist.com/winnti-more-than-just-a-game/37029/
  6. https://web.archive.org/web/20150412223949/http://www.novetta.com/wp-content/uploads/2015/04/novetta_winntianalysis.pdf

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software
Winnti for Linux
Software
Winnti
Software
Konni
Software
InnaputRAT
Group
Winnti Group
Software
RATANKBA
Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.