This is a custom instance of the MITRE ATT&CK Website. The official website can be found at attack.mitre.org.
SOFTWARE
SOFTWARE
A-B
C-D
E-F
G-H
I-J
K-L
M-N
O-P
Q-R
S-T
U-V
W-X
WINDSHIELD
WINDSHIELD is a signature backdoor used by APT32. [1]
ID: S0155
ⓘ
Type: MALWARE
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1070 | .004 | Indicator Removal on Host: File Deletion |
WINDSHIELD is capable of file deletion along with other file system interaction.[1] |
| Enterprise | T1095 | Non-Application Layer Protocol |
WINDSHIELD C2 traffic can communicate via TCP raw sockets.[1] |
|
| Enterprise | T1012 | Query Registry |
WINDSHIELD can gather Registry values.[1] |
|
| Enterprise | T1082 | System Information Discovery |
WINDSHIELD can gather the victim computer name.[1] |
|
| Enterprise | T1033 | System Owner/User Discovery |
WINDSHIELD can gather the victim user name.[1] |
|
Groups That Use This Software
| ID | Name | References |
|---|---|---|
| G0050 | APT32 |
References
×