WindShift
MISP
Type:
Unknown
Country:
Unknown
First seen:
Unknown
Details:
In August of 2018, DarkMatter released a report entitled “In the Trails of WINDSHIFT APT”, which unveiled a threat actor with TTPs very similar to those of Bahamut. Subsequently, two additional articles were released by Objective-See which provide an analysis of some validated WINDSHIFT samples targeting OSX systems. Pivoting on specific file attributes and infrastructure indicators, Unit 42 was able to identify and correlate additional attacker activity and can now provide specific details on a targeted WINDSHIFT attack as it unfolded at a Middle Eastern government agency.
MITRE ATT&CK:
Techniques Used (19)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1027 | Obfuscated Files or Information | - |
| T1033 | System Owner/User Discovery | - |
| T1036 | Masquerading | - |
| T1036.001 | Invalid Code Signature | - |
| T1047 | Windows Management Instrumentation | - |
| T1057 | Process Discovery | - |
| T1059.005 | Visual Basic | - |
| T1071.001 | Web Protocols | - |
| T1082 | System Information Discovery | - |
| T1105 | Ingress Tool Transfer | - |
| T1189 | Drive-by Compromise | - |
| T1204.001 | Malicious Link | - |
| T1204.002 | Malicious File | - |
| T1518 | Software Discovery | - |
| T1518.001 | Security Software Discovery | - |
Aliases (210)
Windy Phoenix
Bahamut
Related Malware (1)
Metadata
| ID: | 245 |
| Created: | 13/01/2026 17:48 |
| Updated: | 07/03/2026 04:00 |