Scarlet Mimic is a threat group that has targeted minority rights activists. This group has not been directly linked to a government source, but the group's motivations appear to overlap with those of the Chinese government. While there is some overlap between IP addresses used by Scarlet Mimic and Putter Panda, it has not been concluded that the groups are the same. [1]
| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1036.002 | Masquerading: Right-to-Left Override | Scarlet Mimic has used the Unicode right-to-left override character (U+202E, the character this sub-technique is named for) in the file names of self-extracting RAR archives delivered as spearphishing attachments, so that an executable renders with a harmless-looking extension. [1] |
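The right-to-left override trick is easy to catch once you know to look for the control character. The following detector is an added example, not code from the original page or from the Palo Alto report: it flags bidirectional override characters in attachment names, recovers the real extension once the overrides are stripped, and approximates how a naive file listing would render the name. The sample file names are constructed for illustration and are not indicators from the Scarlet Mimic campaign.

```python
"""Detect Unicode bidi-override abuse (T1036.002) in attachment file names.

Added example; the file names below are constructed, not real campaign samples.
"""

# Unicode bidirectional control characters that can reorder how a name renders.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}

# Extensions that Windows will execute on double-click; a name that hides one
# of these behind an override is the case this technique is about.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs",
                   "ps1", "msi", "hta"}


def find_bidi_controls(name):
    """Return (index, abbreviation) for every bidi control character in name."""
    return [(i, BIDI_CONTROLS[ch]) for i, ch in enumerate(name) if ch in BIDI_CONTROLS]


def true_extension(name):
    """Extension the OS actually uses: last suffix after stripping bidi controls."""
    stripped = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    root, _, ext = stripped.rpartition(".")
    return ext.lower() if root else ""


def rendered_name(name):
    """Approximate what a file listing displays.

    Text after an RLO is shown reversed until a PDF (U+202C) or end of string.
    This is a simplification of the full Unicode Bidi Algorithm that is accurate
    for plain ASCII file names, which is the case the technique relies on.
    """
    out, i = [], 0
    while i < len(name):
        ch = name[i]
        if ch == "\u202e":
            j = i + 1
            while j < len(name) and name[j] != "\u202c":
                j += 1
            out.append(name[i + 1:j][::-1])
            i = j + 1
        elif ch in BIDI_CONTROLS:
            i += 1          # other controls: drop from the rendering
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def assess(name):
    """Summarise one file name; 'suspicious' means an override hides an executable."""
    controls = find_bidi_controls(name)
    ext = true_extension(name)
    return {
        "name": name,
        "bidi_controls": controls,
        "rendered": rendered_name(name),
        "true_ext": ext,
        "suspicious": bool(controls) and ext in EXECUTABLE_EXTS,
    }


if __name__ == "__main__":
    # Constructed names: an SFX RAR (.exe) disguised as a .rar, and a benign .rar.
    for sample in ("Statement\u202erar.exe", "Statement.rar"):
        print(assess(sample))
```

The disguised sample shows as `Statementexe.rar` in a listing but is really `Statementrar.exe`, which is exactly the mismatch a mail gateway or EDR rule should alert on. Note that legitimate right-to-left scripts also use these characters, so the `suspicious` verdict keys on an executable extension rather than on the mere presence of a control character.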
| ID | Name | References | Techniques |
|---|---|---|---|
| S0077 | CallMe | [1] | Encrypted Channel: Symmetric Cryptography, Command and Scripting Interpreter: Unix Shell, Ingress Tool Transfer, Exfiltration Over C2 Channel |
| S0076 | FakeM | [1] | Encrypted Channel: Symmetric Cryptography, Data Obfuscation: Protocol or Service Impersonation, Input Capture: Keylogging, Non-Application Layer Protocol |
| S0079 | MobileOrder | [1] | Data from Local System, File and Directory Discovery, Browser Information Discovery, System Information Discovery, Ingress Tool Transfer, Process Discovery, Exfiltration Over C2 Channel |
| S0078 | Psylo | [1] | Application Layer Protocol: Web Protocols, File and Directory Discovery, Indicator Removal: Timestomp, Ingress Tool Transfer, Exfiltration Over C2 Channel |