SideCopy
[SideCopy](https://attack.mitre.org/groups/G1008) is a Pakistani threat group that has primarily targeted South Asian countries, including Indian and Afghani government personnel, since at least 2019. [SideCopy](https://attack.mitre.org/groups/G1008)'s name comes from its infection chain that tries to mimic that of [Sidewinder](https://attack.mitre.org/groups/G0121), a suspected Indian threat group.(Citation: MalwareBytes SideCopy Dec 2021)
Techniques: 16 | Covered: 15 | Gaps: 1 | Coverage: 94% (15/16)
GAPS (1)
COVERED (15)
| Technique | Name | Det. |
|---|---|---|
| T1016 | System Network Configuration Discovery | 39 |
| T1036.005 | Match Legitimate Resource Name or Location | 44 |
| T1059.005 | Visual Basic | 68 |
| T1082 | System Information Discovery | 86 |
| T1105 | Ingress Tool Transfer | 183 |
| T1106 | Native API | 29 |
| T1204.002 | Malicious File | 425 |
| T1218.005 | Mshta | 49 |
| T1518 | Software Discovery | 17 |
| T1518.001 | Security Software Discovery | 10 |
| T1566.001 | Spearphishing Attachment | 905 |
| T1574.001 | DLL | 109 |
| T1584.001 | Domains | 3 |
| T1598.002 | Spearphishing Attachment | 2 |
| T1608.001 | Upload Malware | 3 |