216.73.217.22

The Overlapping Cyber Strategies Of Transparent Tribe And SideCopy Against India

· Published 15/05/2024 15:16 · Modified 15/05/2024 15:32

Export JSON

Essential information

Published
15/05/2024 15:16
Modified
15/05/2024 15:32
Tags
2024-05-10 2024-05-15 action rat apt india infection chain malware rat reverserat
Related entities
21 observables, 1 intrusion sets (apt), 14 techniques (mitre), 2 malware, 4 others

Description

CRIL's analysis revealed SideCopy group's sophisticated campaign, employing malicious LNK files and a complex involving HTAs and loader DLLs to deploy like and . SideCopy targets Indian universities and government entities, suggesting potential overlap with Transparent Tribe's tactics. The campaign leverages spam emails with malicious links to initiate infections and establish backdoor access for data exfiltration and remote control of victim systems. SideCopy demonstrates evolving techniques, demanding heightened cybersecurity vigilance to defend against persistent threats.

Related entities

Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.

Observables (21)

  • 64.188.27.144
  • www.seqrite.com
  • https://reviewassignment.online/files/documents/bs/survey/1.hta
  • https://www.seqrite.com/blog/sidecopys-multi-platform-onslaught-leveraging-winrar-zero-day-and-linux-variant-of-ares-rat/&nbsp
  • https://reviewassignment.online/files/documents/bs/it/1.hta
  • https://reviewassignment.online/files/documents/bs/economy/1.hta
  • https://reviewassignment.online//files//backup//ap.txt
  • https://reviewassignment.online/files/backup/ap.txt
  • http://dns1.indianblog.xyz/dailyworkout
  • dns1.indianblog.xyz
  • reviewassignment.online
  • reviewassignment.in
  • d777bcb6fba73faf96cb422383404c3b81a8afa5aebbc8ed70076081de7daa0c
  • bc1acdca196f1ff72722243be2afe1429b88122afb9d4852d6d6e57689411d3d
  • 93fb036e65c0683af5ffb98e2b61e30499dec068a4e15bf3bec8066d3e246852
  • 902e087711ab8e612bd7cea9864bbadbe20a3500ba57f26f6eeb0b5b20b803ec
  • 81038a217237afd16d80da7fc9219cbd145f9698bb512e2b625559a47ba73fec
  • 4a81bb3f9f9fe8a10002c043210ff537c2fd4a879a694d0f18468c70eaf65cfe
  • 37f20f232aa86316901baccbb44af1668b1d868c1ca9aba8fcb36584352b3e0f
  • a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91
  • 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507

Intrusion sets (APT) (1)

  • SideCopy
    The MITRE Corporation Confidence 100

    [SideCopy](https://attack.mitre.org/groups/G1008) is a Pakistani threat group that has primarily targeted South Asian countries, including Indian and Afghani government personnel, since at least 2019. [SideCopy](https://attack.mitre.org/groups/G1008)'s name comes from its …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 27/03/2026 01:14

Techniques (MITRE) (14)

  • T1574.002
  • T1027.002
    Software Packing
  • T1547.001
    Registry Run Keys / Startup Folder
  • T1518.001
    Security Software Discovery
  • T1082
    System Information Discovery
  • T1105
    Ingress Tool Transfer
  • T1083
    File and Directory Discovery
  • T1071
    Application Layer Protocol
  • T1047
    Windows Management Instrumentation
  • T1140
    Deobfuscate/Decode Files or Information
  • T1027
    Obfuscated Files or Information
  • T1053
    Scheduled Task/Job
  • T1112
    Modify Registry
  • T1059
    Command and Scripting Interpreter

Malware (2)

  • ReverseRAT
    Family
    Published 15/05/2024 15:16 · Modified 15/05/2024 15:16
  • Action RAT - S1028
    Family
    Published 29/07/2024 10:59 · Modified 29/07/2024 10:59

Others (4)

  • British Indian Ocean Territory
  • India
  • Education
  • Government

External references