SideCopy
[SideCopy](https://attack.mitre.org/groups/G1008) is a Pakistani threat group that has primarily targeted South Asian countries, including Indian and Afghan government personnel, since at least 2019. [SideCopy](https://attack.mitre.org/groups/G1008)'s name comes from its infection chain, which tries to mimic that of [Sidewinder](https://attack.mitre.org/groups/G0121), a suspected Indian threat group. (Citation: MalwareBytes SideCopy Dec 2021)
Techniques: 16
Covered: 15
Gaps: 1
Coverage: 94% (15/16)
GAPS (1)
COVERED (15)
| Technique | Name | Detections |
|---|---|---|
| T1016 | System Network Configuration Discovery | 35 |
| T1036.005 | Match Legitimate Resource Name or Location | 44 |
| T1059.005 | Visual Basic | 66 |
| T1082 | System Information Discovery | 80 |
| T1105 | Ingress Tool Transfer | 170 |
| T1106 | Native API | 27 |
| T1204.002 | Malicious File | 397 |
| T1218.005 | Mshta | 46 |
| T1518 | Software Discovery | 15 |
| T1518.001 | Security Software Discovery | 8 |
| T1566.001 | Spearphishing Attachment | 850 |
| T1574.001 | DLL | 106 |
| T1584.001 | Domains | 3 |
| T1598.002 | Spearphishing Attachment | 1 |
| T1608.001 | Upload Malware | 2 |