Куда я попал?
Scarlet Mimic
Scarlet Mimic is a threat group that has targeted minority rights activists. This group has not been directly linked to a government source, but the group's motivations appear to overlap with those of the Chinese government. While there is some overlap between IP addresses used by Scarlet Mimic and Putter Panda, it has not been concluded that the groups are the same. (Citation: Scarlet Mimic Jan 2016)
ID: G0029
Associated Groups:
Version: 1.2
Created: 31 May 2017
Last Modified: 30 Mar 2020
Associated Group Descriptions |
|
| Name | Description |
|---|---|
Techniques Used |
||||
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1036 | .002 | Masquerading: Right-to-Left Override |
Scarlet Mimic has used the left-to-right override character in self-extracting RAR archive spearphishing attachment file names.(Citation: Scarlet Mimic Jan 2016) |
Software |
|||
| ID | Name | References | Techniques |
|---|---|---|---|
| S0079 | MobileOrder | (Citation: Scarlet Mimic Jan 2016) | Standard Cryptographic Protocol, Exfiltration Over C2 Channel, Ingress Tool Transfer, Data from Local System, Process Discovery, System Information Discovery, File and Directory Discovery, Browser Bookmark Discovery, Uncommonly Used Port |
| S0076 | FakeM | (Citation: Scarlet Mimic Jan 2016) | Non-Application Layer Protocol, Symmetric Cryptography, Keylogging, Protocol Impersonation |
| S0077 | CallMe | (Citation: Scarlet Mimic Jan 2016) | Ingress Tool Transfer, Symmetric Cryptography, Unix Shell, Exfiltration Over C2 Channel |
| S0078 | Psylo | (Citation: Scarlet Mimic Jan 2016) | Web Protocols, File and Directory Discovery, Ingress Tool Transfer, Exfiltration Over C2 Channel, Timestomp |
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.