G0121 · 30 ATT&CK techniques · 0 correlated reports

Sidewinder

Aliases: T-APT-04, Rattlesnake

Sidewinder is a suspected Indian threat actor group that has been active since at least 2012. They have been observed targeting government, military, and business entities throughout Asia, primarily focusing on Pakistan, China, Nepal, and Afghanistan.

Open interactive actor investigation

ATT&CK techniques

T1203
Exploitation for Client Execution T1518.001
Security Software Discovery T1218.005
Mshta T1598.003
Spearphishing Link T1124
System Time Discovery T1566.002
Spearphishing Link T1074.001
Local Data Staging T1057
Process Discovery T1059.007
JavaScript T1027.013
Encrypted/Encoded File T1020
Automated Exfiltration T1105
Ingress Tool Transfer T1547.001
Registry Run Keys / Startup Folder T1071.001
Web Protocols T1559.002
Dynamic Data Exchange T1083
File and Directory Discovery T1016
System Network Configuration Discovery T1598.002
Spearphishing Attachment T1027.010
Command Obfuscation T1059.001
PowerShell T1518
Software Discovery T1059.005
Visual Basic T1082
System Information Discovery T1119
Automated Collection T1566.001
Spearphishing Attachment T1036.005
Match Legitimate Name or Location T1204.001
Malicious Link T1204.002
Malicious File T1033
System Owner/User Discovery T1574.002
DLL Side-Loading

Correlated CTI and IR reports

Continue the investigation

Interactive ThreatMapper ThreatMapper documentation CTI Analyst Field Manual Israel Threat Actors CTI Anomaly Detection Atlas ITDR Handbook 1200km Medium research