Sidewinder
Essential information
- Confidence
- 100/100
- Published
- 16/12/2025 19:39
- Modified
- 27/03/2026 01:14
- Updated at
- 27/03/2026 01:14
- Revoked
- No
- Author / Source
- The MITRE Corporation
- Resource level
- —
- Primary motivation
- —
- Related entities
- 6 reports, 88 attack patterns (mitre), 16 malware, 12 sectors, 32 countries, 100 indicators, 3 vulnerabilities (cve), 1 tool
Aliases
T-APT-04, Rattlesnake
Description
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (6), titles not shown; counts of linked entities per report:
- 2 malware, 5 observables, 1 APT
- 2 CVEs, 9 MITRE attack patterns, 2 malware, 16 observables, 1 APT
- 21 MITRE attack patterns, 4 malware, 1 APT
- 1 CVE, 14 MITRE attack patterns, 3 malware, 38 observables, 1 APT
- 1 CVE, 21 MITRE attack patterns, 3 malware, 158 observables, 1 APT
- 2 CVEs, 11 MITRE attack patterns, 47 observables, 1 APT
Attack patterns (MITRE) (88)
Malware (16), 11 shown; each is linked by a "uses" relationship, and "family" marks entries flagged as a malware family rather than a single sample:
- agent2.malz (family)
- gwadardxgi.dll (family)
- MpGear.dll (family)
- Downloader Module (family)
- (name not shown; family)
- Cobalt Strike (family)
- FileFix (family)
- mysetup.exe (source: AlienVault, confidence 100; the displayed first seen 01/01/1970 and last seen 16/11/5138 are placeholder values, the Unix epoch and a far-future maximum, not real sighting dates)
- ModuleInstaller (family)
- Sidewinder
- AdobeUpdateCore.exe (family)
- WarHawk
Sectors (12), each linked by a "targets" relationship:
- Technology
- Education
- Retail
- Healthcare
- Services
- Finance
- Government
- Energy
- Telecommunications
- Transportation
- Defense
- Defense ministries (including the military)
Countries (32), 12 shown, each linked by a "targets" relationship:
- Sri Lanka
- Egypt
- Afghanistan
- United Arab Emirates
- China
- Algeria
- Indonesia
- Austria
- Colombia
- India
- Nepal
- Philippines
Indicators (100), 12 shown; each is a STIX pattern linked by an "indicates" relationship, with confidence, revocation status, validity date and source:
- e1ix.mov · stix · 100/100 · Revoked · valid until 11/08/2025 · source: AlienVault
- SLF:SCPT:OffRelOleObjectHttp.A · stix · 100/100 · Revoked · valid until 12/08/2024 · source: AlienVault
- kernet.info · stix · 100/100 · Revoked · valid until 11/08/2025 · source: AlienVault
- googlevip.icu · stix · 100/100 · Revoked · valid until 17/05/2026 · source: AlienVault
- https://dawn.pakgov.org/news-946de614 · stix · 100/100 · Revoked · valid until 19/07/2022 · source: AlienVault
- (value not shown) · stix · 100/100 · Revoked · valid until 06/03/2026 · source: AlienVault
- (value not shown) · stix · 100/100 · Revoked · valid until 01/12/2024 · source: AlienVault
- myanmar-gov-mm.fia-gov.net · stix · 100/100 · Revoked · valid until 19/07/2025 · source: AlienVault
- (value not shown) · stix · 100/100 · Revoked · valid until 19/07/2022 · source: AlienVault
- (value not shown) · stix · 100/100 · Revoked · valid until 19/07/2022 · source: AlienVault
- as.pakmarines.com · stix · 100/100 · Revoked · valid until 15/09/2023 · source: AlienVault
- (value not shown) · stix · 100/100 · Revoked · valid until 19/07/2022 · source: AlienVault
Every indicator shown is marked Revoked, and all but one validity date precede the page's last modification (27/03/2026). Treat them as material for retro-hunting in historical DNS and proxy logs rather than as live block-list entries; the SLF:SCPT:… entry is a detection signature name, not a network observable.
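The triage a practitioner would run on the list above, as an added example that is not part of the OpenCTI page or of MITRE's data: the indicator records are transcribed from the page (value, pattern type, confidence, revoked flag, valid-until date, source), the DNS log lines are constructed for the demo, and the "block" versus "retrohunt" rule (revoked or expired means retro-hunt only) is this example's own policy, not a platform setting. Detection-signature names are skipped for host matching, and matching is done on exact host or parent-domain suffix so that a lookalike such as notkernet.info does not match kernet.info.

```python
"""Triage OpenCTI-style indicator rows and retro-hunt them over DNS logs."""
from datetime import date, datetime
from urllib.parse import urlsplit

# Indicator rows as shown on the page:
# (value, pattern_type, confidence, revoked, valid_until DD/MM/YYYY, source)
INDICATORS = [
    ("e1ix.mov", "stix", 100, True, "11/08/2025", "AlienVault"),
    ("SLF:SCPT:OffRelOleObjectHttp.A", "stix", 100, True, "12/08/2024", "AlienVault"),
    ("kernet.info", "stix", 100, True, "11/08/2025", "AlienVault"),
    ("googlevip.icu", "stix", 100, True, "17/05/2026", "AlienVault"),
    ("https://dawn.pakgov.org/news-946de614", "stix", 100, True, "19/07/2022", "AlienVault"),
    ("myanmar-gov-mm.fia-gov.net", "stix", 100, True, "19/07/2025", "AlienVault"),
    ("as.pakmarines.com", "stix", 100, True, "15/09/2023", "AlienVault"),
]

# Constructed DNS resolver log lines (not from the page): "<utc-ts> <client> <qname>".
SAMPLE_DNS_LOG = [
    "2025-06-02T09:14:03Z 10.20.1.55 update.kernet.info",
    "2025-06-02T09:14:05Z 10.20.1.55 www.example.org",
    "2022-07-01T11:02:41Z 10.20.3.9 dawn.pakgov.org",
    "2025-06-03T16:40:12Z 10.20.1.77 notkernet.info",
]


def parse_page_date(s: str) -> date:
    """The page prints dates as DD/MM/YYYY."""
    return datetime.strptime(s, "%d/%m/%Y").date()


def triage(ind, today: date) -> str:
    """Example policy (assumption): a revoked or expired indicator is only
    retro-hunt material; anything else may go on a live block list.
    Revocation wins even when valid_until is still in the future."""
    _value, _ptype, _conf, revoked, valid_until, _src = ind
    if revoked or parse_page_date(valid_until) < today:
        return "retrohunt"
    return "block"


def network_key(value: str):
    """Hostname to match on, or None for non-network indicators such as a
    detection signature name (contains ':' but no scheme)."""
    if "://" in value:
        host = urlsplit(value).hostname
        return host.lower() if host else None
    if any(c in value for c in ":/ "):
        return None
    return value.lower()


def host_matches(qname: str, key: str) -> bool:
    """Exact host or subdomain of the indicator host; plain substring
    matching would also flag lookalikes like notkernet.info."""
    q = qname.lower().rstrip(".")
    return q == key or q.endswith("." + key)


def retrohunt(log_lines, indicators):
    """Return (timestamp, client, qname, indicator_value) for each hit."""
    keys = [(network_key(i[0]), i[0]) for i in indicators]
    keys = [(k, v) for k, v in keys if k]
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3:
            continue
        ts, client, qname = parts[:3]
        for key, value in keys:
            if host_matches(qname, key):
                hits.append((ts, client, qname, value))
    return hits


def summarize(indicators, today: date):
    """Count indicators per triage class."""
    counts = {"block": 0, "retrohunt": 0}
    for ind in indicators:
        counts[triage(ind, today)] += 1
    return counts


if __name__ == "__main__":
    page_date = date(2026, 3, 27)  # the page's "Modified" date
    print(summarize(INDICATORS, page_date))
    for hit in retrohunt(SAMPLE_DNS_LOG, INDICATORS):
        print("HIT", *hit)
```

Run against the page's own rows, every indicator lands in "retrohunt", including googlevip.icu whose validity date is still in the future, because its revoked flag is set. Of the constructed log lines, only update.kernet.info and dawn.pakgov.org match; notkernet.info is correctly ignored.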
Vulnerabilities (CVE) (3)
Android Kernel contains a use-after-free vulnerability in binder.c that allows for privilege escalation from an application to the Linux Kernel. This vulnerability …
- Published
- 03/11/2021
- Modified
- 20/12/2025
Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.
- Attack vector
- Local
- Complexity
- Low
- Published
- 15/11/2017
- Modified
- 29/05/2026
Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for …
- Attack vector
- Local
- Complexity
- Low
- Published
- 12/04/2017
- Modified
- 22/04/2026
Tool (1)
- Koadic (uses) · source: The MITRE Corporation · confidence 100
[Koadic](https://attack.mitre.org/software/S0250) is a Windows post-exploitation framework and penetration testing tool that is publicly available on GitHub. [Koadic](https://attack.mitre.org/software/S0250) has several options for staging payloads and creating implants, and performs…