← Back to Actors
Windshift
WindshiftBahamut
[Windshift](https://attack.mitre.org/groups/G0112) is a threat group that has been active since at least 2017, targeting specific individuals for surveillance in government departments and critical infrastructure across the Middle East.(Citation: SANS Windshift August 2018)(Citation: objective-see windtail1 dec 2018)(Citation: objective-see windtail2 jan 2019)
19
Techniques
19
Covered
0
Gaps
100%
Coverage
Coverage19/19
COVERED (19)
T1027Obfuscated Files or Information525 det.T1033System Owner/User Discovery59 det.T1036Masquerading493 det.T1036.001Invalid Code Signature9 det.T1047Windows Management Instrumentation85 det.T1057Process Discovery18 det.T1059.005Visual Basic66 det.T1071.001Web Protocols74 det.T1082System Information Discovery80 det.T1105Ingress Tool Transfer170 det.T1189Drive-by Compromise10 det.T1204.001Malicious Link9 det.T1204.002Malicious File397 det.T1518Software Discovery15 det.T1518.001Security Software Discovery8 det.T1547.001Registry Run Keys / Startup Folder50 det.T1566.001Spearphishing Attachment850 det.T1566.002Spearphishing Link837 det.T1566.003Spearphishing via Service85 det.