216.73.216.36

Winnti for Linux

The MITRE Corporation · Published 29/04/2020 17:06 · Modified 27/03/2026 01:05 Family

Essential information

Confidence
100/100
Is family
Yes
Published
29/04/2020 17:06
Modified
27/03/2026 01:05
Revoked
No
Author / Source
The MITRE Corporation
Related entities
8 attack patterns (mitre), 3 intrusion sets (apt)

Description

[Winnti for Linux](https://attack.mitre.org/software/S0430) is a trojan, seen since at least 2015, designed specifically for targeting Linux systems. Reporting indicates the winnti malware family is shared across a number of actors including [Winnti Group](https://attack.mitre.org/groups/G0044). The Windows variant is tracked separately under [Winnti for Windows](https://attack.mitre.org/software/S0141).(Citation: Chronicle Winnti for Linux May 2019)

Marking (TLP)

Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references

Related entities

Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.