While reviewing a 2015 report of a Winnti intrusion at a Vietnamese gaming company, Chronicle identified a small cluster of Winnti samples designed specifically for Linux. This white paper is a technical analysis of this variant.