← threatfilter.dev / all groups / SideCopy
SideCopy
Overview
SideCopy is a Pakistani threat group that has primarily targeted South Asian countries, including Indian and Afghan government personnel, since at least 2019. SideCopy's name comes from its infection chain, which tries to mimic that of SideWinder, a suspected Indian threat group.
TTPs — 16 techniques across 7 tactics
Reconnaissance
- T1598.002 Spearphishing Attachment
Resource Development
- T1584.001 Domains
- T1608.001 Upload Malware
Initial Access
- T1566.001 Spearphishing Attachment
Execution
- T1059.005 Visual Basic
- T1106 Native API
- T1204.002 Malicious File
Stealth
- T1036.005 Match Legitimate Resource Name or Location
- T1218.005 Mshta
- T1574.001 DLL
Discovery
- T1016 System Network Configuration Discovery
- T1082 System Information Discovery
- T1518 Software Discovery
- T1518.001 Security Software Discovery
- T1614 System Location Discovery
Command and Control
- T1105 Ingress Tool Transfer
Tools & malware (2)
- AuTo Stealer
- Action RAT
Reporting (1)
- SideCopy APT: Connecting lures victims, payloads to infrastructure — Threat Intelligence Team