Home >
List all groups > SideWinder, Rattlesnake
APT group: SideWinder, Rattlesnake
| Names | SideWinder (Kaspersky)
Rattlesnake (Tencent)
T-APT-04 (Tencent)
APT-C-17 (Qihoo 360) |
| Country |  India |
| Motivation | Information theft and espionage |
| First seen | 2012 |
| Description | (Kaspersky) An actor mainly targeting Pakistan military targets, active since at least 2012. We have low confidence that this malware might be authored by an Indian company. To spread the malware, they use unique implementations to leverage the exploits of known vulnerabilities (such as CVE-2017-11882) and later deploy a Powershell payload in the final stages. |
| Observed | Sectors: Defense, Government.
Countries: Afghanistan, Bangladesh, China, Myanmar, Nepal, Pakistan, Qatar, Sri Lanka. |
| Tools used | callCam. |
| Operations performed | Mar 2019 | First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group
<https://blog.trendmicro.com/trendlabs-security-intelligence/first-active-attack-exploiting-cve-2019-2215-found-on-google-play-linked-to-sidewinder-apt-group/> |
| Information | <https://securelist.com/apt-trends-report-q1-2018/85280/>
<https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/fireeye-sidewinder-targeted-attack.pdf>
<https://medium.com/@Sebdraven/apt-sidewinder-tricks-powershell-anti-forensics-and-execution-side-loading-5bc1a7e7c84c>
<https://s.tencent.com/research/report/479.html>
<https://s.tencent.com/research/report/659.html>
<https://cdn-cybersecurity.att.com/docs/global-perspective-of-the-sidewinder-apt.pdf> |
Last change to this card: 20 January 2021
Download this actor card in PDF or JSON format
