Windshift
Windshift, Bahamut
[Windshift](https://attack.mitre.org/groups/G0112) is a threat group that has been active since at least 2017, targeting specific individuals for surveillance in government departments and critical infrastructure across the Middle East.(Citation: SANS Windshift August 2018)(Citation: objective-see windtail1 dec 2018)(Citation: objective-see windtail2 jan 2019)
Techniques: 19
Covered: 19
Gaps: 0
Coverage: 100% (19/19)
COVERED (19)
T1027 Obfuscated Files or Information: 561 det.
T1033 System Owner/User Discovery: 61 det.
T1036 Masquerading: 525 det.
T1036.001 Invalid Code Signature: 9 det.
T1047 Windows Management Instrumentation: 87 det.
T1057 Process Discovery: 20 det.
T1059.005 Visual Basic: 68 det.
T1071.001 Web Protocols: 80 det.
T1082 System Information Discovery: 86 det.
T1105 Ingress Tool Transfer: 183 det.
T1189 Drive-by Compromise: 10 det.
T1204.001 Malicious Link: 10 det.
T1204.002 Malicious File: 425 det.
T1518 Software Discovery: 17 det.
T1518.001 Security Software Discovery: 10 det.
T1547.001 Registry Run Keys / Startup Folder: 53 det.
T1566.001 Spearphishing Attachment: 905 det.
T1566.002 Spearphishing Link: 904 det.
T1566.003 Spearphishing via Service: 88 det.