WINDSHIELD

WINDSHIELD is a signature backdoor used by APT32. [1]

ID: S0155
Aliases: WINDSHIELD
Type: MALWARE
Platforms: Windows

Version: 1.0

Techniques Used

Domain      ID     Name                                     Use
Enterprise  T1094  Custom Command and Control Protocol      WINDSHIELD C2 traffic can communicate via TCP raw sockets. [1]
Enterprise  T1107  File Deletion                            WINDSHIELD is capable of file deletion along with other file system interaction. [1]
Enterprise  T1012  Query Registry                           WINDSHIELD can gather Registry values. [1]
Enterprise  T1095  Standard Non-Application Layer Protocol  WINDSHIELD C2 traffic can communicate via TCP raw sockets. [1]
Enterprise  T1082  System Information Discovery             WINDSHIELD can gather the victim computer name. [1]
Enterprise  T1033  System Owner/User Discovery              WINDSHIELD can gather the victim user name. [1]

Groups

Groups that use this software:

APT32

References