RAZOR TIGER (Threat Actor)

RAZOR TIGER (Back to overview)

aka: APT-C-17, Rattlesnake, SideWinder, T-APT-04

An actor mainly targeting Pakistan military targets, active since at least 2012. We have low confidence that this malware might be authored by an Indian company. To spread the malware, they use unique implementations to leverage the exploits of known vulnerabilities (such as CVE-2017-11882) and later deploy a Powershell payload in the final stages.

Associated Families

apk.sidewinder win.unidentified_093 win.sidewinder

References

2023-05-17 ⋅ Group-IB ⋅ Joshua Penny, Nikita Rostovtsev, Yashraj Solanki
The distinctive rattle of APT SideWinder
SideWinder

2022-07-20 ⋅ ⋅ Qianxin ⋅ Red Raindrops Team
The Sidewinder (APT-Q-39) uses Google Play to spread an analysis of malicious Android software
SideWinder

2022-07-13 ⋅ Check Point ⋅ Check Point Research
A Hit is made: Suspected India-based Sidewinder APT successfully cyber attacks Pakistan military focused targets
Unidentified 093 (Sidewinder)

2022-06-08 ⋅ Qianxin Threat Intelligence Center ⋅ Red Raindrop Team
Operation Tejas: A dying elephant curled up in the Kunlun Mountains
HAZY TIGER RAZOR TIGER

2022-04-14 ⋅ Medium (@DCSO_CyTec) ⋅ Axel Wauer, DCSO CyTec
404 — File still found
SideWinder

2021-03-04 ⋅ Malpedia ⋅ Malpedia
Malpedia Page for family Sidewinder
SideWinder

2021-01-13 ⋅ AlienVault ⋅ Tom Hegel
A Global Perspective of the SideWinder APT
8.t Dropper Koadic SideWinder

2020-12-09 ⋅ Trend Micro ⋅ Ecular Xu, Jaromír Hořejší, Joseph C Chen
SideWinder Leverages South Asian Territorial Issues for Spear Phishing and Mobile Device Attacks
Meterpreter SideWinder RAZOR TIGER

2020-12-09 ⋅ AlienVault OTX ⋅ AlienVault
SideWinder APT South Asian Territorial Themed Spear Phishing and Mobile Device Attacks
SideWinder RAZOR TIGER

2020-10-26 ⋅ ⋅ Qianxin ⋅ Threat Intelligence Center
Analysis of the attack activities of the Rattlesnake organization using the Buffy bilateral agreement as bait
SideWinder

2020-05-28 ⋅ ⋅ Qianxin ⋅ Threat Intelligence Center
Analysis of recent rattlesnake APT attacks against surrounding countries and regions
SideWinder

2020-01-06 ⋅ Trend Micro ⋅ Ecular Xu, Joseph C Chen
First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group
RAZOR TIGER

2019-02-26 ⋅ ⋅ Tencent ⋅ Tencent Yujian Threat Intelligence Center
Disclosure of SideWinder APT's attack against South Asia
SideWinder RAZOR TIGER

2018-07-16 ⋅ Medium Sebdraven ⋅ Sébastien Larinier
APT Sidewinder: Tricks powershell, Anti Forensics and execution side loading
SideWinder RAZOR TIGER

2018-05-23 ⋅ ⋅ Tencent ⋅ Tencent Mimi Threat Intelligence Center
SideWinder“响尾蛇”APT组织（T-APT-04)：针对南亚的定向攻击威胁
SideWinder RAZOR TIGER

2018-04-12 ⋅ Kaspersky Labs ⋅ GReAT
APT Trends report Q1 2018
RAZOR TIGER

2014-08-08 ⋅ FireEye ⋅ FireEye
Sidewinder Targeted Attack Against Android in the Golden Age of AD Libraries
RAZOR TIGER

Credits: MISP Project