Home > List all groups > SideWinder, Rattlesnake

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: SideWinder, Rattlesnake

NamesSideWinder (Kaspersky)
Rattlesnake (Tencent)
T-APT-04 (Tencent)
APT-C-17 (Qihoo 360)
CountryIndia India
MotivationInformation theft and espionage
First seen2012
Description(Kaspersky) An actor mainly targeting Pakistan military targets, active since at least 2012. We have low confidence that this malware might be authored by an Indian company. To spread the malware, they use unique implementations to leverage the exploits of known vulnerabilities (such as CVE-2017-11882) and later deploy a Powershell payload in the final stages.
ObservedSectors: Defense, Government.
Countries: Afghanistan, Bangladesh, China, Myanmar, Nepal, Pakistan, Qatar, Sri Lanka.
Tools usedBroStealer, callCam.
Operations performedMar 2019First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group

Last change to this card: 15 May 2021

Download this actor card in PDF or JSON format

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
PGP Download PGP key