RAZOR TIGER

Also known as: SideWinder, Rattlesnake, APT-C-17, T-APT-04

An actor mainly targeting Pakistani military targets, active since at least 2012. We have low confidence that this malware might be authored by an Indian company. To spread the malware, they use unique implementations to exploit known vulnerabilities (such as CVE-2017-11882) and later deploy a PowerShell payload in the final stages.

Country: India
Sectors: Government, Military, Private Sector


Activities and Tactics

Targeted Sectors: Government, Military, Private Sector

Country of Origin: India

Suspected Victims: China, Pakistan, Nepal, Afghanistan

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • PowerDuke
  • POWERSTATS
  • Power Loader
  • POWERSOURCE
  • Xploit
  • PowerRAT

Attribution and Evidence

Country of Origin: India

Additional attribution information pending cataloguing.

References

References pending cataloguing.