Pulse Detail — Threat Intelligence

PULSE NAME

The Overlapping Cyber Strategies Of Transparent Tribe And SideCopy Against India

WHITE SideCopy AlienVault 2024-05-15 Modified: 2024-06-14

IOCs

MEDIUM VOLUME

CRIL's analysis revealed SideCopy APT group's sophisticated malware campaign, employing malicious LNK files and a complex infection chain involving HTAs and loader DLLs to deploy malware like ReverseRAT and Action RAT. SideCopy targets Indian universities and government entities, suggesting potential overlap with Transparent Tribe's tactics. The campaign leverages spam emails with malicious links to initiate infections and establish backdoor access for data exfiltration and remote control of victim systems. SideCopy demonstrates evolving techniques, demanding heightened cybersecurity vigilance to defend against persistent threats.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1047 T1082 T1071 T1053 T1140 T1112 T1059 T1083 T1547.001 T1027 T1518.001 T1027.002 T1574.002 T1105

MALWARE FAMILIES

ReverseRAT Action RAT - S1028

Indicators of Compromise (36)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	2915b3f8b703eb744fc54c81f4a9c67f	—	2024-05-15
FileHash-MD5	565cac3dffde44fa487014e69b13140a	—	2024-05-15
FileHash-MD5	5fc7a9d515067008095a439837881713	—	2024-05-15
FileHash-MD5	614896fea882b17b193b41d4e3e593ac	—	2024-05-15
FileHash-MD5	6e02fe7c188c417802008e147c248eb1	—	2024-05-15
FileHash-MD5	7bdbd180c081fa63ca94f9c22c457376	—	2024-05-15
FileHash-MD5	80ac09458e5e5fbd8e500ef0f7313bd2	—	2024-05-15
FileHash-MD5	8a71e3c45d8fa81d90ab56681de8e57c	—	2024-05-15
FileHash-MD5	b20cb8caf27d4508f6d1a51a92df49a3	—	2024-05-15
FileHash-SHA1	36d244241c9ed6cb526d706ab49c2324037fa48c	—	2024-05-15
FileHash-SHA1	47451a404a8acec6b5cee7e0c5cbc1bb19f1fa59	—	2024-05-15
FileHash-SHA1	868570ac0ff9ea4e281b2ef4176619aabf6bf59b	—	2024-05-15
FileHash-SHA1	9618a1d588746ba571be3cfef7d864ffd840d020	—	2024-05-15
FileHash-SHA1	af707ed85e03449729e6b04bcfb4c176d71faa6c	—	2024-05-15
FileHash-SHA1	bcfac98117d9a52a3196a7bd041b49d5ff0cfb8c	—	2024-05-15
FileHash-SHA1	d23489bf492839dd9095a332c59a450cb840f401	—	2024-05-15
FileHash-SHA1	e03e89d6f3defa8a0d670910f3164b899ece35a5	—	2024-05-15
FileHash-SHA1	e10361a11f8a7f232ac3cb2125c1875a0a69a3e4	—	2024-05-15
FileHash-SHA256	37f20f232aa86316901baccbb44af1668b1d868c1ca9aba8fcb36584352b3e0f	—	2024-05-15
FileHash-SHA256	4a81bb3f9f9fe8a10002c043210ff537c2fd4a879a694d0f18468c70eaf65cfe	—	2024-05-15
FileHash-SHA256	81038a217237afd16d80da7fc9219cbd145f9698bb512e2b625559a47ba73fec	—	2024-05-15
FileHash-SHA256	902e087711ab8e612bd7cea9864bbadbe20a3500ba57f26f6eeb0b5b20b803ec	—	2024-05-15
FileHash-SHA256	93fb036e65c0683af5ffb98e2b61e30499dec068a4e15bf3bec8066d3e246852	—	2024-05-15
FileHash-SHA256	9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507	—	2024-05-15
FileHash-SHA256	a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91	—	2024-05-15
FileHash-SHA256	bc1acdca196f1ff72722243be2afe1429b88122afb9d4852d6d6e57689411d3d	—	2024-05-15
FileHash-SHA256	d777bcb6fba73faf96cb422383404c3b81a8afa5aebbc8ed70076081de7daa0c	—	2024-05-15
URL	http://dns1.indianblog.xyz/dailyworkout	—	2024-05-15
URL	https://reviewassignment.online//files//backup//ap.txt	—	2024-05-15
URL	https://reviewassignment.online/files/backup/ap.txt	—	2024-05-15
URL	https://reviewassignment.online/files/documents/bs/economy/1.hta	—	2024-05-15
URL	https://reviewassignment.online/files/documents/bs/it/1.hta	—	2024-05-15
URL	https://reviewassignment.online/files/documents/bs/survey/1.hta	—	2024-05-15
domain	reviewassignment.in	—	2024-05-15
domain	reviewassignment.online	—	2024-05-15
hostname	dns1.indianblog.xyz	—	2024-05-15

References (1)

↗ https://cyble.com/blog/the-overlapping-cyber-strategies-of-transparent-tribe-and-sidecopy-against-india/