WindShift

MISP

Type:
Unknown

Country:
Unknown

First seen:
Unknown

Details:

[Windshift](https://attack.mitre.org/groups/G0112) is a threat group that has been active since at least 2017, targeting specific individuals for surveillance in government departments and critical infrastructure across the Middle East.(Citation: SANS Windshift August 2018)(Citation: objective-see windtail1 dec 2018)(Citation: objective-see windtail2 jan 2019)

MITRE ATT&CK: View on MITRE

Techniques Used (19)

ID	ATT&CK	Tactics
T1027	Obfuscated Files or Information	-
T1033	System Owner/User Discovery	-
T1036	Masquerading	-
T1036.001	Invalid Code Signature	-
T1047	Windows Management Instrumentation	-
T1057	Process Discovery	-
T1059.005	Visual Basic	-
T1071.001	Web Protocols	-
T1082	System Information Discovery	-
T1105	Ingress Tool Transfer	-
T1189	Drive-by Compromise	-
T1204.001	Malicious Link	-
T1204.002	Malicious File	-
T1518	Software Discovery	-
T1518.001	Security Software Discovery	-

References (3)

Aliases (392)

Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut Windy Phoenix Bahamut

Related Malware (1)

WindTail
other

Metadata

ID:	245
Created:	13/01/2026 17:48
Updated:	21/04/2026 16:00