ETDA ThaiCERT
Report
Search
Home > List all groups > SideWinder, Rattlesnake

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: SideWinder, Rattlesnake

NamesSideWinder (Kaspersky)
Rattlesnake (Tencent)
T-APT-04 (Tencent)
APT-C-17 (Qihoo 360)
CountryIndia India
MotivationInformation theft and espionage
First seen2012
Description(Kaspersky) An actor mainly targeting Pakistan military targets, active since at least 2012. We have low confidence that this malware might be authored by an Indian company. To spread the malware, they use unique implementations to leverage the exploits of known vulnerabilities (such as CVE-2017-11882) and later deploy a Powershell payload in the final stages.
ObservedSectors: Defense, Government.
Countries: China, Pakistan and South Asia.
Tools usedcallCam.
Operations performedMar 2019First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group
<https://blog.trendmicro.com/trendlabs-security-intelligence/first-active-attack-exploiting-cve-2019-2215-found-on-google-play-linked-to-sidewinder-apt-group/>
Information<https://securelist.com/apt-trends-report-q1-2018/85280/>
<https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/fireeye-sidewinder-targeted-attack.pdf>
<https://medium.com/@Sebdraven/apt-sidewinder-tricks-powershell-anti-forensics-and-execution-side-loading-5bc1a7e7c84c>
<https://s.tencent.com/research/report/479.html>
<https://s.tencent.com/research/report/659.html>

Last change to this card: 29 April 2020

Download this actor card in PDF or JSON format

Previous: ShaggyPanther
Next: Siesta

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key