← Back to Actors
Windshift
WindshiftBahamut
[Windshift](https://attack.mitre.org/groups/G0112) is a threat group that has been active since at least 2017, targeting specific individuals for surveillance in government departments and critical infrastructure across the Middle East.(Citation: SANS Windshift August 2018)(Citation: objective-see windtail1 dec 2018)(Citation: objective-see windtail2 jan 2019)
19
Techniques
19
Covered
0
Gaps
100%
Coverage
Coverage19/19
COVERED (19)
T1027Obfuscated Files or Information606 det.T1033System Owner/User Discovery61 det.T1036Masquerading572 det.T1036.001Invalid Code Signature10 det.T1047Windows Management Instrumentation88 det.T1057Process Discovery21 det.T1059.005Visual Basic69 det.T1071.001Web Protocols81 det.T1082System Information Discovery86 det.T1105Ingress Tool Transfer184 det.T1189Drive-by Compromise10 det.T1204.001Malicious Link11 det.T1204.002Malicious File441 det.T1518Software Discovery17 det.T1518.001Security Software Discovery10 det.T1547.001Registry Run Keys / Startup Folder53 det.T1566.001Spearphishing Attachment979 det.T1566.002Spearphishing Link1005 det.T1566.003Spearphishing via Service96 det.