SideCopy


The SideCopy APT is a Pakistani threat actor that has been operating since at least 2019, mainly targeting South Asian countries, specifically India and Afghanistan. Its name comes from its infection chain, which tries to mimic that of the SideWinder APT. It has been reported that this actor has similarities with Transparent Tribe (APT36) and is possibly a subdivision of that actor. Cisco Talos and Seqrite have provided comprehensive reports on this actor’s activities.


Associated Families
elf.unidentified_005 win.action_rat

References
2023-06-15 | Seqrite | Sathwik Ram Prakki
@online{prakki:20230615:double:13ffdae, author = {Sathwik Ram Prakki}, title = {{Double Action, Triple Infection, and a New RAT: SideCopy’s Persistent Targeting of Indian Defence}}, date = {2023-06-15}, organization = {Seqrite}, url = {https://www.seqrite.com/blog/double-action-triple-infection-and-a-new-rat-sidecopys-persistent-targeting-of-indian-defence}, language = {English}, urldate = {2023-06-19} }
Action RAT
2023-02-16 | ThreatMon | ThreatMon Malware Research Team, seyitsec
@online{team:20230216:sidecopy:86a53bb, author = {ThreatMon Malware Research Team and seyitsec}, title = {{APT SideCopy Targeting Indian Government Entities - Analysis of the new version of ReverseRAT}}, date = {2023-02-16}, organization = {ThreatMon}, url = {https://threatmon.io/apt-sidecopy-targeting-indian-government-entities/}, language = {English}, urldate = {2023-02-17} }
Unidentified 005 (Sidecopy) ReverseRAT
2022-01-18 | Qianxin | Red Raindrop Team
@online{team:20220118:sidecopy:862ebbd, author = {Red Raindrop Team}, title = {{SideCopy Arsenal Update: Golang-based Linux stealth tools surface}}, date = {2022-01-18}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/SideCopy's-Golang-based-Linux-tool/}, language = {Chinese}, urldate = {2022-01-25} }
Unidentified 005 (Sidecopy)
2022-01-05 | Telsy | Claudio Di Giuseppe
@online{giuseppe:20220105:sidecopy:546a0eb, author = {Claudio Di Giuseppe}, title = {{SIDECOPY APT: From Windows to *nix}}, date = {2022-01-05}, organization = {Telsy}, url = {https://www.telsy.com/sidecopy-apt-from-windows-to-nix/}, language = {English}, urldate = {2022-01-10} }
SideCopy
2021-12-02 | Malwarebytes | Hossein Jazi, Threat Intelligence Team
@online{jazi:20211202:sidecopy:9e7363c, author = {Hossein Jazi and Threat Intelligence Team}, title = {{SideCopy APT: Connecting lures to victims, payloads to infrastructure}}, date = {2021-12-02}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-intelligence/2021/12/sidecopy-apt-connecting-lures-to-victims-payloads-to-infrastructure/}, language = {English}, urldate = {2021-12-06} }
SideCopy
2021-11-16 | META | Mike Dvilyanski, David Agranovich
@online{dvilyanski:20211116:taking:7d056cc, author = {Mike Dvilyanski and David Agranovich}, title = {{Taking Action Against Hackers in Pakistan and Syria}}, date = {2021-11-16}, organization = {META}, url = {https://about.fb.com/news/2021/11/taking-action-against-hackers-in-pakistan-and-syria/}, language = {English}, urldate = {2021-11-17} }
SideCopy
2021-07-07 | Talos Intelligence | Asheer Malhotra, Justin Thattil
@online{malhotra:20210707:insidecopy:eca169d, author = {Asheer Malhotra and Justin Thattil}, title = {{InSideCopy: How this APT continues to evolve its arsenal}}, date = {2021-07-07}, organization = {Talos Intelligence}, url = {https://blog.talosintelligence.com/2021/07/sidecopy.html}, language = {English}, urldate = {2021-07-08} }
AllaKore NjRAT SideCopy
2020-09-23 | Seqrite | Kalpesh Mantri
@online{mantri:20200923:operation:7e7788f, author = {Kalpesh Mantri}, title = {{Operation SideCopy!}}, date = {2020-09-23}, organization = {Seqrite}, url = {https://www.seqrite.com/blog/operation-sidecopy/}, language = {English}, urldate = {2022-01-10} }
SideCopy
2019-07-08 | Medium Sebdraven | Sébastien Larinier
@online{larinier:20190708:copy:99b120f, author = {Sébastien Larinier}, title = {{Copy cat of APT Sidewinder ?}}, date = {2019-07-08}, organization = {Medium Sebdraven}, url = {https://sebdraven.medium.com/copy-cat-of-apt-sidewinder-1893059ca68d}, language = {English}, urldate = {2023-04-22} }
AllaKore SideCopy

Credits: MISP Project