SideCopy  (Back to overview)

The SideCopy APT is a Pakistani threat actor that has been operating since at least 2019, mainly targeting South Asian countries and more specifically India and Afghanistan. Its name comes from its infection chain that tries to mimic that of the SideWinder APT. It has been reported that this actor has similarities with Transparent Tribe (APT36) and possibly is a subdivision of this actor. Cisco Talos and Seqrite have provided comprehensive reports on this actor’s activities.

Associated Families
elf.unidentified_005 win.action_rat

2023-11-06SeqriteSathwik Ram Prakki
SideCopy’s Multi-platform Onslaught: Leveraging WinRAR Zero-Day and Linux Variant of Ares RAT
Action RAT AllaKore
2023-06-15SeqriteSathwik Ram Prakki
Double Action, Triple Infection, and a New RAT: SideCopy’s Persistent Targeting of Indian Defence
Action RAT
2023-02-16ThreatMonSeyit Sigirci (@h3xecute), ThreatMon Malware Research Team
APT SideCopy Targeting Indian Government Entities - Analysis of the new version of ReverseRAT
Unidentified 005 (Sidecopy) ReverseRAT
2023-01-01ThreatMonSeyit Sigirci (@h3xecute), ThreatMon Malware Research Team
Unraveling the Complex Infection Chain: Analysis of the SideCopy APT's Attack
Action RAT
2022-01-18QianxinRed Raindrop Team
SideCopy Arsenal Update: Golang-based Linux stealth tools surface
Unidentified 005 (Sidecopy)
2022-01-05TelsyClaudio Di Giuseppe
SIDECOPY APT: From Windows to *nix
2021-12-02MalwarebytesHossein Jazi, Threat Intelligence Team
SideCopy APT: Connecting lures to victims, payloads to infrastructure
2021-11-16METADavid Agranovich, Mike Dvilyanski
Taking Action Against Hackers in Pakistan and Syria
2021-07-07Talos IntelligenceAsheer Malhotra, Justin Thattil
InSideCopy: How this APT continues to evolve its arsenal
AllaKore NjRAT SideCopy
2020-09-23SeqriteKalpesh Mantri
Operation SideCopy!
2019-07-08Medium SebdravenSébastien Larinier
Copy cat of APT Sidewinder ?
AllaKore SideCopy

Credits: MISP Project