Sidewinder
G01211 reportsaliases · Sidewinder · T-APT-04 · Rattlesnake
1
Reports
7
Techniques
4
Tactics
3
Countries
71%
Hunt coverage
3
Aliases
Analyst assessment — key judgments
- Signature techniques: T1059.007 (JavaScript), T1588.006 (Vulnerabilities), T1204 (User Execution).
- Primary targeting: US, PK, LK.
- Currently dormant: 0 report(s) in last 30d vs 0 prior (+0%).
- Hunt coverage 71% of 7 observed techniques (2 gap(s)).
- Assessment confidence: medium (60).
Activity & trend
DormantLast 30d: 0 vs 0 prior (+0%)· first reported 2025-11-10 · last 2025-11-10
0
7d
0
30d
0
90d
1
All
0.0
Rpts/wk
Reporting timeline · 12 months
Movement — last 30 days
Dropped (90d+)
T1059.007T1588.006T1204T1059.001T1204.003T1027.003T1001.002Vulnerabilities in this actor's reporting · 2
- CVE-2017-0199KEV1 rpt
- CVE-2017-11882KEV1 rpt
Overview
Analyst triage
Intelligence summary
Sidewinder is a suspected Indian threat actor group that has been active since at least 2012. They have been observed targeting government, military, and business entities throughout Asia, primarily focusing on Pakistan, China, Nepal, and Afghanistan.(Citation: ATT Sidewinder January 2021)(Citation: Securelist APT Trends April 2018)(Citation: Cyble Sidewinder September 2020)
Top co-occurring indicators
Aliases & naming
Targeting · countries
Targeting · named victims
ATT&CK technique matrix
Coverage vs hunt library:
—
Hunt-coverage gaps — prioritized
Top techniques by observation
- T1059.007 · JavaScriptconf 601
- T1588.006 · Vulnerabilitiesconf 601
- T1204 · User Executionconf 601
- T1059.001 · PowerShellconf 601
- T1204.003 · Malicious Imageconf 601
- T1027.003 · Steganographyconf 601
- T1001.002 · Steganographyconf 601
Threat catalogue · engineering roadmap
Flagged detection-engineering queue
Uncovered techniques you flagged for hunt / detection build-out, aggregated across every actor you visit. Stored locally in your browser.
Infrastructure
IOC type mix
Tooling / malware families
Relationships
Activity
30-day mention timeline
Recent reporting
| Title | Source | Severity | Collected |
|---|