Threat Group: Winnti (APT41) – suspected attribution based on code lineage and targeting
Threat Type: Remote Access Trojan (RAT)
Exploited Vulnerabilities: Social engineering via Skype to deliver malicious .SCR and .PIF files containing shellcode steganographically hidden in JPEGs; DLL sideloading
Malware Used: GodRAT – evolution of Gh0st RAT and AwesomePuppet, featuring plugin-based architecture