G0112 · 19 ATT&CK techniques · 0 correlated reports

Windshift

Aliases: Bahamut

Windshift is a threat group that has been active since at least 2017, targeting specific individuals for surveillance in government departments and critical infrastructure across the Middle East.

Open interactive actor investigation

ATT&CK techniques

T1057
Process Discovery T1189
Drive-by Compromise T1059.005
Visual Basic T1518.001
Security Software Discovery T1566.001
Spearphishing Attachment T1204.001
Malicious Link T1566.003
Spearphishing via Service T1547.001
Registry Run Keys / Startup Folder T1518
Software Discovery T1566.002
Spearphishing Link T1036.001
Invalid Code Signature T1027
Obfuscated Files or Information T1071.001
Web Protocols T1036
Masquerading T1105
Ingress Tool Transfer T1047
Windows Management Instrumentation T1033
System Owner/User Discovery T1082
System Information Discovery T1204.002
Malicious File

Correlated CTI and IR reports

Continue the investigation

Interactive ThreatMapper ThreatMapper documentation CTI Analyst Field Manual Israel Threat Actors CTI Anomaly Detection Atlas ITDR Handbook 1200km Medium research