The SideWinder advanced persistent threat (APT) group, also known as “T-APT-04” or “RattleSnake,” has been around for more than a decade now. So it is not surprising for its network to have grown over the years. In fact, as many as 100 domains have been identified as SideWinder indicators of compromise (IoCs) as of 15 October 2024.1
The WhoisXML API research team dove deep into the existing SideWinder network using DNS intelligence by expanding the current IoC list and found:
- Six email-connected domains
- 22 IP addresses, 20 of which turned out to be malicious
- 176 IP-connected domains, 130 of which turned out to be associated with various threats
- 370 string-connected domains, 21 of which have already figured in malicious campaigns
Download a sample of the threat research materials now or contact sales to discuss your intelligence needs for threat detection and response or other cybersecurity use cases.
—
- [1] https://securelist.com/sidewinder-apt/114089/