The Viper: SideWinder

← Home·Gallery·Techniques

Threat Intelligence Tarot

swords · 10

India (suspected)

G0121

★★★★★

risk 3/5

✦ The Viper ✦

SideWinder

Rattlesnake · APT-C-17 · T-APT-04

Pakistan militaryNepal governmentSri LankaBangladeshAfghanistan

Active since ~2012 · Pakistan military intelligence, Nepal and Sri Lanka surveillance, South Asian geopolitical monitoring

It moves low and fast, striking along the fault lines of South Asian geopolitics. Pakistan's military networks feel it every cycle; Nepal's government ministries know its lures by sight. The Viper is not subtle - it is prolific.

Tactics & Techniques

RCN

RDV

INI

EXC

PRS

PRV

EVA

CRD

DSC

LAT

COL

EXF

IMP

T1566.001

Spearphishing Attachment

Initial Access

T1059.007

JavaScript

Execution

T1027

Obfuscated Files or Information

Defense Evasion

T1036.005

Match Legitimate Name or Location

Defense Evasion

T1071.001

Web Protocols

Command and Control

Notable Operations

◆1,000+ cyberattacks documented in three years across South Asia
◆Pakistan Air Force and Navy targeting
◆Nepal and Sri Lanka governmental intrusions
◆JavaScript-based fileless execution chain deployment

Defenses

▸
Disable JavaScript execution from email-sourced files
CIS Control 9 ↗
▸
Application allowlisting on government endpoints
CIS Control 2 ↗
▸
Geopolitically-aware threat intelligence subscriptions
NIST CSF: ID.RA ↗
▸
Monitoring for LOLBin and living-off-the-land techniques
NIST CSF: DE.CM ↗

Reversed: Their Weakness

SideWinder's volume-over-sophistication approach creates a large forensic footprint. Its infrastructure reuse and consistent lure themes have made it one of the most-documented South Asian threat actors, providing defenders with extensive indicator libraries.

Share this adversary profile

← → arrow keys to browse

swipe to browse

← PreviousThe Grudge Next →The Collage

Related Adversaries

Data sourced from MITRE ATT&CK. For educational purposes.