Windshift

Techniques (MITRE ATT&CK)19

SourceMITRE ATT&CK

Also known as:Bahamut

Vexday analysis

Windshift é um grupo de ameaça persistente avançada (APT), rastreado pelo MITRE ATT&CK sob o identificador G0112 e também referenciado como Bahamut, ativo pelo menos desde 2017. O grupo tem como foco a vigilância de indivíduos específicos em departamentos governamentais e infraestruturas críticas no Oriente Médio. Ao grupo são atribuídas 19 técnicas documentadas na matriz MITRE ATT&CK.

Techniques (MITRE ATT&CK) 19

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Initial access

Drive-by Compromise Spearphishing Attachment Spearphishing Link Spearphishing via Service

Execution

Windows Management Instrumentation Visual Basic Malicious Link Malicious File

Persistence

Registry Run Keys / Startup Folder

Discovery

System Owner/User Discovery Process Discovery System Information Discovery Software Discovery Security Software Discovery

Command and control

Web Protocols Ingress Tool Transfer

stealth

Obfuscated Files or Information Masquerading Invalid Code Signature

Exploited vulnerabilities

No CVEs attributed to this group in public sources (MITRE ATT&CK). Absence of attribution does not mean absence of activity.

Windshift uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →