SideWinder, Rattlesnake

Description

(Kaspersky) An actor mainly targeting Pakistani military targets, active since at least 2012. We have low confidence that this malware might be authored by an Indian company. To spread the malware, they use unique implementations to leverage the exploits of known vulnerabilities (such as CVE-2017-11882) and later deploy a PowerShell payload in the final stages.

Names

Name                   Name-Giver
SideWinder             Kaspersky
Rattlesnake            Tencent
Razor Tiger            CrowdStrike
T-APT-04               Tencent
APT-C-17               Qihoo 360
Hardcore Nationalist   ?
HN2                    ?
APT-Q-39               ?
BabyElephant           ?
GroupA21               ?

Country

Motivation

  • Information theft and espionage

First Seen

2012

Observed Sectors

Observed Countries

Tools

Operations

Information

Mitre Attack

Other Information

Uuid

4e925967-099e-4708-9bca-ade4890d847b

Last Card Change

2025-06-30