Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 14:09:18 UTC
 Tool: Wingbird
Names Wingbird
Category Malware
Type Backdoor, Info stealer
Description
Wingbird is a backdoor that appears to be a version of commercial software FinFisher. It
is reportedly used to attack individual computers instead of networks. It was used by
NEODYMIUM in a May 2016 campaign.
Information
MITRE ATT&CK Last change to this tool card: 30 December 2022
Download this tool card in JSON format
All groups using tool Wingbird
Changed Name Country Observed
APT groups
 BlackOasis [Middle East] 2015-Oct 2017
 Neodymium 2016
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=de3054dc-0e37-4268-976d-c928ddfaabb5
Page 1 of 2

2 groups listed (2 APT, 0 other, 0 unknown)
↑
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=de3054dc-0e37-4268-976d-c928ddfaabb5
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=de3054dc-0e37-4268-976d-c928ddfaabb5
Page 2 of 2