Winnti for Windows
MITRE
Malware Type:
Other
First activity:
Unknown
Last activity:
Unknown
Details:
[Winnti for Windows](https://attack.mitre.org/software/S0141) is a modular remote access Trojan (RAT) that has likely been used by multiple groups to carry out intrusions in various regions since at least 2010, including by one group referred to by the same name, [Winnti Group](https://attack.mitre.org/groups/G0044).(Citation: Kaspersky Winnti April 2013)(Citation: Microsoft Winnti Jan 2017)(Citation: Novetta Winnti April 2015)(Citation: 401 TRG Winnti Umbrella May 2018) The Linux variant is tracked separately under [Winnti for Linux](https://attack.mitre.org/software/S0430).(Citation: Chronicle Winnti for Linux May 2019)
Associated Techniques (22)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1027.013 | Encrypted/Encoded File | - |
| T1027.015 | Compression | - |
| T1036.005 | Match Legitimate Resource Name or Location | - |
| T1057 | Process Discovery | - |
| T1070.004 | File Deletion | - |
| T1070.006 | Timestomp | - |
| T1071.001 | Web Protocols | - |
| T1082 | System Information Discovery | - |
| T1083 | File and Directory Discovery | - |
| T1090.001 | Internal Proxy | - |
| T1090.002 | External Proxy | - |
| T1095 | Non-Application Layer Protocol | - |
| T1105 | Ingress Tool Transfer | - |
| T1106 | Native API | - |
| T1140 | Deobfuscate/Decode Files or Information | - |
Used by Actors (2)
Metadata
| ID: | 583 |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |