G1008 · 16 ATT&CK techniques · 0 correlated reports

SideCopy

Aliases: None listed

SideCopy is a Pakistani threat group that has primarily targeted South Asian countries, including Indian and Afghani government personnel, since at least 2019. SideCopy's name comes from its infection chain that tries to mimic that of Sidewinder, a suspected Indian threat group.

Open interactive actor investigation

ATT&CK techniques

T1614
System Location Discovery T1518.001
Security Software Discovery T1584.001
Domains T1105
Ingress Tool Transfer T1016
System Network Configuration Discovery T1608.001
Upload Malware T1106
Native API T1059.005
Visual Basic T1518
Software Discovery T1566.001
Spearphishing Attachment T1574.002
DLL Side-Loading T1204.002
Malicious File T1082
System Information Discovery T1598.002
Spearphishing Attachment T1036.005
Match Legitimate Name or Location T1218.005
Mshta

Correlated CTI and IR reports

Continue the investigation

Interactive ThreatMapper ThreatMapper documentation CTI Analyst Field Manual Israel Threat Actors CTI Anomaly Detection Atlas ITDR Handbook 1200km Medium research