Scarlet Mimic, Group G0029 | MITRE ATT&CK®
Scarlet Mimic
Scarlet Mimic is a threat group that has targeted minority rights activists. This group has not been directly linked to a government source, but the group's motivations appear to overlap with those of the Chinese government. While there is some overlap between IP addresses used by Scarlet Mimic and Putter Panda, it has not been concluded that the groups are the same. [1]
ID: G0029
Version: 1.2
Created: 31 May 2017
Last Modified: 25 April 2025
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1036.002 | Masquerading: Right-to-Left Override | Scarlet Mimic has used the left-to-right override character in self-extracting RAR archive spearphishing attachment file names. [1] |
Software
| ID | Name | References | Techniques |
|---|---|---|---|
| S0077 | CallMe | [1] | Command and Scripting Interpreter: Unix Shell, Encrypted Channel: Symmetric Cryptography, Exfiltration Over C2 Channel, Ingress Tool Transfer |
| S0076 | FakeM | [1] | Data Obfuscation: Protocol or Service Impersonation, Encrypted Channel: Symmetric Cryptography, Input Capture: Keylogging, Non-Application Layer Protocol |
| S0079 | MobileOrder | [1] | Browser Information Discovery, Data from Local System, Exfiltration Over C2 Channel, File and Directory Discovery, Ingress Tool Transfer, Process Discovery, System Information Discovery |
| S0078 | Psylo | [1] | Application Layer Protocol: Web Protocols, Exfiltration Over C2 Channel, File and Directory Discovery, Indicator Removal: Timestomp, Ingress Tool Transfer |
References
[1] Falcone, R. and Miller-Osborn, J. (2016, January 24). Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists. Retrieved February 10, 2016.