Winnti for Windows
Winnti for Windows is a Trojan that has been used by multiple groups to carry out intrusions in varied regions from at least 2010 to 2016. One of the groups using this malware is referred to by the same name, Winnti Group; however, reporting indicates a second distinct group, Axiom, also uses the malware. The Linux variant is tracked separately under Winnti for Linux.
Techniques Used
| Domain | ID | Sub-technique | Name |
|---|---|---|---|
| Enterprise | T1543 | .003 | Create or Modify System Process: Windows Service |
| Enterprise | T1036 | .005 | Masquerading: Match Legitimate Name or Location |
| Enterprise | T1218 | .011 | Signed Binary Proxy Execution: Rundll32 |
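As an added detection example (not code from the ATT&CK page, from MITRE, or from any published Winnti analysis), the script below runs a hunt over constructed Windows System-log Event ID 7045 ("A service was installed in the system") records and maps what it finds to the three techniques in the table: every 7045 is a service creation (T1543.003); an ImagePath that launches rundll32.exe to load a DLL is signed-binary proxy execution (T1218.011); and a service binary or DLL outside the directories services normally run from, or a well-known service or binary name pointed at an unexpected path, is name/location masquerading (T1036.005). The key=value log shape, the list of expected directories, and the sets of known service and binary names are assumptions chosen for illustration, not anything the page states about this malware.

```python
"""Hunt suspicious Windows service installs (System log, Event ID 7045).

Added example, not part of the ATT&CK page. All sample records, directory
roots and name lists below are constructed/assumed for illustration.
"""
import re
from pathlib import PureWindowsPath

# Constructed 7045 records in a key=value shape a SIEM export might use (assumed format).
SAMPLE_EVENTS = [
    r'EventID=7045 ServiceName=wuauserv ImagePath="C:\Windows\System32\svchost.exe -k netsvcs" StartType=auto',
    r'EventID=7045 ServiceName=Spooler ImagePath="C:\Windows\System32\spoolsv.exe" StartType=auto',
    r'EventID=7045 ServiceName=DeviceSync ImagePath="rundll32.exe C:\Windows\Temp\sync.dll,Start" StartType=auto',
    r'EventID=7045 ServiceName=Themes ImagePath="C:\ProgramData\Themes\svchost.exe" StartType=auto',
    r'EventID=7045 ServiceName=VBoxService ImagePath="C:\Program Files\Oracle\VirtualBox\VBoxService.exe" StartType=auto',
]

# Assumption: directories a service binary is normally expected to live under.
EXPECTED_ROOTS = (
    PureWindowsPath(r"C:\Windows\System32"),
    PureWindowsPath(r"C:\Windows\SysWOW64"),
    PureWindowsPath(r"C:\Program Files"),
    PureWindowsPath(r"C:\Program Files (x86)"),
)
# Assumed subsets of well-known service names and system binaries worth protecting from masquerading.
KNOWN_SERVICES = {"wuauserv", "spooler", "themes", "lanmanserver", "bits", "eventlog"}
SYSTEM_BINARIES = {"svchost.exe", "spoolsv.exe", "lsass.exe", "services.exe"}

KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')            # key=value or key="value with spaces"
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+)', re.I)  # DLL path after rundll32


def parse_event(line):
    """Split one key=value record into a dict; quoted values keep their spaces."""
    fields = {}
    for m in KV_RE.finditer(line):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(2)
    return fields


def in_expected_root(path_str):
    """True if the path sits under one of EXPECTED_ROOTS (case-insensitive prefix match)."""
    norm = str(PureWindowsPath(path_str)).lower()
    return any(norm.startswith(str(root).lower() + "\\") for root in EXPECTED_ROOTS)


def program_path(image_path):
    """Heuristic: the service executable is everything up to the first '.exe'."""
    m = re.match(r'\s*"?(.*?\.exe)', image_path, re.I)
    return m.group(1) if m else image_path.split()[0]


def analyze(event):
    """Return (technique_id, reason) findings for one 7045 event."""
    findings = []
    if event.get("EventID") != "7045":
        return findings
    name = event.get("ServiceName", "")
    image = event.get("ImagePath", "")
    # Every 7045 is a service creation; on its own it is noise without the checks below.
    findings.append(("T1543.003", f"service '{name}' installed: {image}"))
    m = RUNDLL_RE.search(image)
    if m:
        dll = m.group(1).strip()
        findings.append(("T1218.011", f"rundll32 proxies execution of {dll}"))
        if not in_expected_root(dll):
            findings.append(("T1036.005", f"DLL outside expected roots: {dll}"))
        return findings
    exe = program_path(image)
    if not in_expected_root(exe):
        why = "binary outside expected roots"
        if PureWindowsPath(exe).name.lower() in SYSTEM_BINARIES or name.lower() in KNOWN_SERVICES:
            why = "legitimate name at an unexpected location"
        findings.append(("T1036.005", f"{why}: {exe}"))
    return findings


def hunt(lines):
    """Map ServiceName -> findings for events that raise more than the baseline creation."""
    suspicious = {}
    for line in lines:
        ev = parse_event(line)
        hits = [f for f in analyze(ev) if f[0] != "T1543.003"]
        if hits:
            suspicious[ev.get("ServiceName", "?")] = hits
    return suspicious


if __name__ == "__main__":
    for svc, hits in hunt(SAMPLE_EVENTS).items():
        print(svc)
        for tid, why in hits:
            print(f"  {tid}: {why}")
```

On the constructed input only DeviceSync (rundll32 loading a DLL from C:\Windows\Temp) and Themes (a known service name backed by an svchost.exe copy in ProgramData) are reported; the System32 and Program Files installs pass. In a real deployment the roots and name sets should be built from the environment's own baseline, and an unqualified ImagePath (a bare executable name resolved through the search path) deserves its own rule.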
Groups That Use This Software
- Axiom
- Winnti Group
References
- Kaspersky Lab's Global Research and Analysis Team. (2013, April 11). Winnti. More than just a game. Retrieved February 8, 2017.
- Cap, P., et al. (2017, January 25). Detecting threat actors in recent German industrial attacks with Windows Defender ATP. Retrieved February 8, 2017.
- Novetta Threat Research Group. (2015, April 7). Winnti Analysis. Retrieved February 8, 2017.