Winnti for Windows
Essential information
- Confidence
- 100/100
- Is family
- Yes
- Published
- 31/05/2017 23:33
- Modified
- 27/03/2026 01:06
- Revoked
- No
- Author / Source
- The MITRE Corporation
- Related entities
- 22 attack patterns (mitre), 2 intrusion sets (apt)
Description
[Winnti for Windows](https://attack.mitre.org/software/S0141) is a modular remote access Trojan (RAT) that has been used likely by multiple groups to carry out intrusions in various regions since at least 2010, including by one group referred to as the same name, [Winnti Group](https://attack.mitre.org/groups/G0044).(Citation: Kaspersky Winnti April 2013)(Citation: Microsoft Winnti Jan 2017)(Citation: Novetta Winnti April 2015)(Citation: 401 TRG Winnti Umbrella May 2018). The Linux variant is tracked separately under [Winnti for Linux](https://attack.mitre.org/software/S0430).(Citation: Chronicle Winnti for Linux May 2019)
Marking (TLP)
Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.