Nitol is a DDoS botnet family that uses infected machines to launch distributed denial-of-service attacks. It spreads through software supply-chain compromise and pirated software, and was notably distributed via counterfeit Windows installations sold in some regions. Microsoft disrupted the Nitol botnet in 2012 through its Operation b70 action.
This family has been observed using the following ATT&CK techniques: T1498, T1071.001.
Nitol is a DDoS-capable trojan spread through cracked software downloads and through pirated Windows installations preloaded at the supply-chain level.
Common indicators include outbound flood traffic to unfamiliar IPs, unexpectedly high bandwidth usage, and antivirus detections for Nitol or Win32/Nitol.
If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance.
Get this profile as JSON: https://jordanricky1604-ship-it.github.io/malware-families-catalog/api/nitol.json
This profile is part of the Malware Families Catalog, a public dataset of 2,899 malware families extracted from the EMBER 2018 benchmark. The catalog is also published on Hugging Face and Kaggle.