{ "type": "bundle", "id": "bundle--9c5883ab-669e-4ed4-a2cb-a9a2447a22f2", "spec_version": "2.0", "objects": [ { "aliases": [ "Windshift", "Bahamut" ], "x_mitre_domains": [ "enterprise-attack", "mobile-attack" ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "id": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", "type": "intrusion-set", "created": "2020-06-25T17:16:39.168Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { "external_id": "G0112", "source_name": "mitre-attack", "url": "https://attack.mitre.org/groups/G0112" }, { "source_name": "Bahamut", "description": "(Citation: SANS Windshift August 2018)" }, { "source_name": "SANS Windshift August 2018", "url": "https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1554718868.pdf", "description": "Karim, T. (2018, August). TRAILS OF WINDSHIFT. Retrieved June 25, 2020." }, { "source_name": "objective-see windtail1 dec 2018", "url": "https://objective-see.com/blog/blog_0x3B.html", "description": "Wardle, Patrick. (2018, December 20). Middle East Cyber-Espionage analyzing WindShift's implant: OSX.WindTail (part 1). Retrieved October 3, 2019." }, { "source_name": "objective-see windtail2 jan 2019", "url": "https://objective-see.com/blog/blog_0x3D.html", "description": "Wardle, Patrick. (2019, January 15). Middle East Cyber-Espionage analyzing WindShift's implant: OSX.WindTail (part 2). Retrieved October 3, 2019." } ], "modified": "2021-04-26T14:37:33.234Z", "name": "Windshift", "description": "[Windshift](https://attack.mitre.org/groups/G0112) is a threat group that has been active since at least 2017, targeting specific individuals for surveillance in government departments and critical infrastructure across the Middle East.(Citation: SANS Windshift August 2018)(Citation: objective-see windtail1 dec 2018)(Citation: objective-see windtail2 jan 2019)", "x_mitre_version": "1.1", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] }