
RAZOR TIGER

Also known as: SideWinder · Rattlesnake · APT-C-17 · T-APT-04 · RAZOR TIGER

Origin: IN (India)
Known aliases: 5
Target sectors: 3
Attribution: State-sponsored

Profile

An actor mainly targeting Pakistani military organizations, active since at least 2012. We have low confidence that this malware might be authored by an Indian company. To spread the malware, they use their own implementations of exploits for known vulnerabilities (such as CVE-2017-11882, the memory-corruption bug in the Microsoft Office Equation Editor, EQNEDT32.EXE) and deploy a PowerShell payload in the final stages.
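As an added example (not code from the original profile, from the MISP cluster, or from any of the cited reports), the following Python detector walks process-creation telemetry for the chain the profile describes: CVE-2017-11882 exploitation, which runs inside EQNEDT32.EXE, followed by a PowerShell stage. The log lines are constructed for this example; the JSON field names, the "-Embedding" launch flag, the suspicious-flag list and the rule names are assumptions, loosely modelled on Sysmon Event ID 1 records rather than any vendor schema. The one fact the rules lean on is that Equation Editor is an out-of-process COM server (started by DCOM, so its parent is normally svchost.exe) that has no legitimate reason to spawn child processes.

```python
import json
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Tuple


@dataclass
class ProcEvent:
    ts: datetime
    host: str
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed sample telemetry (JSON lines); field names are an assumption.
# WS01: Word opens a lure, DCOM starts EQNEDT32.EXE, the exploit spawns
# cmd.exe, which runs an encoded PowerShell stage (the base64 is the
# constructed UTF-16LE string "echo hi"). WS02: Equation Editor with no child.
SAMPLE_LOG = r'''
{"ts": "2020-12-01T09:14:02", "host": "WS01", "pid": 800, "ppid": 600, "image": "C:\\Windows\\System32\\svchost.exe", "cmdline": "svchost.exe -k DcomLaunch"}
{"ts": "2020-12-01T09:14:10", "host": "WS01", "pid": 4120, "ppid": 3000, "image": "C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE", "cmdline": "WINWORD.EXE /n C:\\Users\\user\\Downloads\\lure.docx"}
{"ts": "2020-12-01T09:14:12", "host": "WS01", "pid": 5012, "ppid": 800, "image": "C:\\Program Files (x86)\\Common Files\\microsoft shared\\EQUATION\\EQNEDT32.EXE", "cmdline": "EQNEDT32.EXE -Embedding"}
{"ts": "2020-12-01T09:14:13", "host": "WS01", "pid": 5100, "ppid": 5012, "image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "cmd.exe /c powershell -nop -w hidden -enc ZQBjAGgAbwAgAGgAaQA="}
{"ts": "2020-12-01T09:14:14", "host": "WS01", "pid": 5180, "ppid": 5100, "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "cmdline": "powershell -nop -w hidden -enc ZQBjAGgAbwAgAGgAaQA="}
{"ts": "2020-12-01T09:20:00", "host": "WS01", "pid": 6000, "ppid": 3000, "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "cmdline": "powershell.exe -File C:\\Scripts\\backup.ps1"}
{"ts": "2020-12-01T10:02:30", "host": "WS02", "pid": 2210, "ppid": 812, "image": "C:\\Program Files (x86)\\Common Files\\microsoft shared\\EQUATION\\EQNEDT32.EXE", "cmdline": "EQNEDT32.EXE -Embedding"}
'''

EQNEDT = "eqnedt32.exe"
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Launch flags commonly used to hide a window or bypass policy (assumed list).
SUSPICIOUS_PS_FLAGS = ("-nop", "-noprofile", "-w hidden", "-windowstyle hidden",
                       "-enc", "-encodedcommand", "-ep bypass",
                       "-executionpolicy bypass")


def parse_log(text: str) -> List[ProcEvent]:
    """Parse JSON-lines process-creation records into ProcEvent objects."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        events.append(ProcEvent(datetime.fromisoformat(rec["ts"]), rec["host"],
                                int(rec["pid"]), int(rec["ppid"]),
                                rec["image"], rec["cmdline"]))
    return events


def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def ancestry(ev: ProcEvent, by_key: Dict[Tuple[str, int], ProcEvent],
             max_depth: int = 16) -> List[str]:
    """Image basenames of ev's ancestors, nearest first, resolved from events
    already seen on the same host; stops at the first unobserved parent
    (boot-time processes) or at max_depth to guard against PID cycles."""
    chain: List[str] = []
    cur = ev
    for _ in range(max_depth):
        parent = by_key.get((cur.host, cur.ppid))
        if parent is None:
            break
        chain.append(_basename(parent.image))
        cur = parent
    return chain


def detect(events: List[ProcEvent]) -> List[Dict[str, object]]:
    """Rule 1 (eqnedt32-child): any direct child of Equation Editor.
    Rule 2 (eqnedt32-powershell-stage): PowerShell whose ancestry contains
    EQNEDT32.EXE; PowerShell with hide/bypass flags but no such ancestry is
    reported at lower severity. Events are processed in time order and the
    (host, pid) map is overwritten on reuse, so a child resolves to whichever
    process held the parent PID when the child was created."""
    alerts: List[Dict[str, object]] = []
    by_key: Dict[Tuple[str, int], ProcEvent] = {}
    for ev in sorted(events, key=lambda e: e.ts):
        by_key[(ev.host, ev.pid)] = ev
        chain = ancestry(ev, by_key)
        name = _basename(ev.image)
        if chain and chain[0] == EQNEDT:
            alerts.append({"rule": "eqnedt32-child", "severity": "high",
                           "host": ev.host, "pid": ev.pid, "image": name,
                           "cmdline": ev.cmdline})
        if name in POWERSHELL:
            lowered = ev.cmdline.lower()
            flags = [f for f in SUSPICIOUS_PS_FLAGS if f in lowered]
            if EQNEDT in chain:
                alerts.append({"rule": "eqnedt32-powershell-stage",
                               "severity": "critical", "host": ev.host,
                               "pid": ev.pid, "chain": chain, "flags": flags,
                               "cmdline": ev.cmdline})
            elif flags:
                alerts.append({"rule": "suspicious-powershell-flags",
                               "severity": "medium", "host": ev.host,
                               "pid": ev.pid, "flags": flags,
                               "cmdline": ev.cmdline})
    return alerts


def run_sample() -> List[Dict[str, object]]:
    """Run both rules over the constructed sample; WS01 yields two alerts."""
    return detect(parse_log(SAMPLE_LOG))
```

On the sample, only the WS01 chain fires: cmd.exe as a child of EQNEDT32.EXE (high) and the encoded PowerShell two levels below it (critical). The benign scheduled PowerShell on WS01 and the childless Equation Editor on WS02 produce nothing, which is the point of keying on ancestry rather than on the presence of EQNEDT32.EXE alone.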

Aliases· 5

  • SideWinder
  • Rattlesnake
  • APT-C-17
  • T-APT-04
  • RAZOR TIGER

Target sectors· 3

  • Government
  • Military
  • Private Sector

Known victims· 4

  • China
  • Pakistan
  • Nepal
  • Afghanistan

MITRE ATT&CK Group crosswalk

G0121

References

  1. https://securelist.com/apt-trends-report-q1-2018/85280/
  2. https://blog.trendmicro.com/trendlabs-security-intelligence/first-active-attack-exploiting-cve-2019-2215-found-on-google-play-linked-to-sidewinder-apt-group/
  3. https://otx.alienvault.com/pulse/5fd10760f9afb730d37c4742/
  4. https://www.trendmicro.com/en_us/research/20/l/sidewinder-leverages-south-asian-territorial-issues-for-spear-ph.html
  5. https://s.tencent.com/research/report/659.html
  6. https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/fireeye-sidewinder-targeted-attack.pdf
  7. https://s.tencent.com/research/report/479.html
  8. https://medium.com/@Sebdraven/apt-sidewinder-tricks-powershell-anti-forensics-and-execution-side-loading-5bc1a7e7c84c

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.