SideCopy

OriginÍndia

Techniques (MITRE ATT&CK)16

SourceMITRE ATT&CK

Vexday analysis

Grupo de ameaça persistente avançada (APT) de origem paquistanesa, o SideCopy atua desde pelo menos 2019 com foco principal em países do Sul da Ásia, incluindo pessoal governamental indiano e afegão. Seu nome deriva da cadeia de infecção característica do grupo, que imita deliberadamente as táticas do Sidewinder, um grupo de ameaça suspeito de origem indiana. O MITRE ATT&CK documenta o grupo sob o identificador G1008, com 16 técnicas atribuídas.

Techniques (MITRE ATT&CK) 16

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Reconnaissance

Spearphishing Attachment

Resource development

Domains Upload Malware

Initial access

Spearphishing Attachment

Execution

Visual Basic Native API Malicious File

Discovery

System Network Configuration Discovery System Information Discovery Software Discovery Security Software Discovery System Location Discovery

Command and control

Ingress Tool Transfer

stealth

Match Legitimate Resource Name or Location Mshta DLL

Exploited vulnerabilities

No CVEs attributed to this group in public sources (MITRE ATT&CK). Absence of attribution does not mean absence of activity.

SideCopy uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →