SYMBOLCOMMON_NAMEaka. SYNONYMS

RAZOR TIGER  (Back to overview)

aka: APT-C-17, Rattlesnake, SideWinder, T-APT-04

An actor mainly targeting Pakistan military targets, active since at least 2012. We have low confidence that this malware might be authored by an Indian company. To spread the malware, they use unique implementations to leverage the exploits of known vulnerabilities (such as CVE-2017-11882) and later deploy a Powershell payload in the final stages.


Associated Families
apk.sidewinder win.unidentified_093 win.sidewinder

References
2024-05-23Twitter (@embee_research)Embee_research
Tracking APT SideWinder With DNS Records
SideWinder
2023-05-17Group-IBJoshua Penny, Nikita Rostovtsev, Yashraj Solanki
The distinctive rattle of APT SideWinder
SideWinder
2022-07-20QianxinRed Raindrops Team
The Sidewinder (APT-Q-39) uses Google Play to spread an analysis of malicious Android software
SideWinder
2022-07-13Check PointCheck Point Research
A Hit is made: Suspected India-based Sidewinder APT successfully cyber attacks Pakistan military focused targets
Unidentified 093 (Sidewinder)
2022-06-08Qianxin Threat Intelligence CenterRed Raindrop Team
Operation Tejas: A dying elephant curled up in the Kunlun Mountains
HAZY TIGER RAZOR TIGER
2022-04-14Medium (@DCSO_CyTec)Axel Wauer, DCSO CyTec
404 — File still found
SideWinder
2021-03-04MalpediaMalpedia
Malpedia Page for family Sidewinder
SideWinder
2021-01-13AlienVaultTom Hegel
A Global Perspective of the SideWinder APT
8.t Dropper Koadic SideWinder
2020-12-09Trend MicroEcular Xu, Jaromír Hořejší, Joseph C Chen
SideWinder Leverages South Asian Territorial Issues for Spear Phishing and Mobile Device Attacks
Meterpreter SideWinder RAZOR TIGER
2020-12-09AlienVault OTXAlienVault
SideWinder APT South Asian Territorial Themed Spear Phishing and Mobile Device Attacks
SideWinder RAZOR TIGER
2020-10-26QianxinThreat Intelligence Center
Analysis of the attack activities of the Rattlesnake organization using the Buffy bilateral agreement as bait
SideWinder
2020-05-28QianxinThreat Intelligence Center
Analysis of recent rattlesnake APT attacks against surrounding countries and regions
SideWinder
2020-01-06Trend MicroEcular Xu, Joseph C Chen
First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group
RAZOR TIGER
2019-02-26TencentTencent Yujian Threat Intelligence Center
Disclosure of SideWinder APT's attack against South Asia
SideWinder RAZOR TIGER
2018-07-16Medium SebdravenSébastien Larinier
APT Sidewinder: Tricks powershell, Anti Forensics and execution side loading
SideWinder RAZOR TIGER
2018-05-23TencentTencent Mimi Threat Intelligence Center
SideWinder“响尾蛇”APT组织(T-APT-04):针对南亚的定向攻击威胁
SideWinder RAZOR TIGER
2018-04-12Kaspersky LabsGReAT
APT Trends report Q1 2018
RAZOR TIGER
2014-08-08FireEyeFireEye
Sidewinder Targeted Attack Against Android in the Golden Age of AD Libraries
RAZOR TIGER

Credits: MISP Project