SideCopy
MISP
Type:
Unknown
Unknown
Country:
PK
PK
First seen:
Unknown
Unknown
Details:
The SideCopy APT is a Pakistani threat actor that has been operating since at least 2019, mainly targeting South Asian countries and more specifically India and Afghanistan. Its name comes from its infection chain that tries to mimic that of the SideWinder APT. It has been reported that this actor has similarities with Transparent Tribe (APT36) and possibly is a subdivision of this actor. Cisco Talos and Seqrite have provided comprehensive reports on this actor’s activities.
MITRE ATT&CK:
View on MITRE
Techniques Used (16)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1016 | System Network Configuration Discovery | - |
| T1036.005 | Match Legitimate Resource Name or Location | - |
| T1059.005 | Visual Basic | - |
| T1082 | System Information Discovery | - |
| T1105 | Ingress Tool Transfer | - |
| T1106 | Native API | - |
| T1204.002 | Malicious File | - |
| T1218.005 | Mshta | - |
| T1518 | Software Discovery | - |
| T1518.001 | Security Software Discovery | - |
| T1566.001 | Spearphishing Attachment | - |
| T1574.001 | DLL | - |
| T1584.001 | Domains | - |
| T1598.002 | Spearphishing Attachment | - |
| T1608.001 | Upload Malware | - |
References (6)
- seqrite.com - Operation Sidecopy
- blog.malwarebytes.com - Sidecopy Apt Connecting Lures To Victims Payloads To Infrastructure
- telsy.com - Sidecopy Apt From Windows To Nix
- blog.talosintelligence.com - Sidecopy
- about.fb.com - Taking Action Against Hackers In Pakistan And Syria
- sebdraven.medium.com - Copy Cat Of Apt Sidewinder 1893059ca68d
Related Malware (2)
Metadata
| ID: | 341 |
| Created: | 13/01/2026 17:48 |
| Updated: | 07/03/2026 04:00 |