S0176Windows

S0176Wingbird

Platforms
1
ATT&CK
14.1
References
4

Description

[Wingbird](https://attack.mitre.org/software/S0176) is a backdoor that appears to be a version of commercial software [FinFisher](https://attack.mitre.org/software/S0182). It is reportedly used to attack individual computers instead of networks. It was used by [NEODYMIUM](https://attack.mitre.org/groups/G0055) in a May 2016 campaign. (Citation: Microsoft SIR Vol 21) (Citation: Microsoft NEODYMIUM Dec 2016)

Platforms· 1

Windows

Attributed to1

TypeTargetConfidenceTier
GroupNEODYMIUMg005595%live

References

  1. https://attack.mitre.org/software/S0176
  2. http://download.microsoft.com/download/E/B/0/EB0F50CC-989C-4B66-B7F6-68CD3DC90DE3/Microsoft_Security_Intelligence_Report_Volume_21_English.pdf
  3. https://blogs.technet.microsoft.com/mmpc/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/
  4. https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Wingbird.A!dha

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
NEODYMIUM
Software
FinFisher
Software
FakeM
Software
Nidiran
Software
Pteranodon
Software
EVILNUM
Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.