Scarlet Mimic

🔴 High
Also known as: G0029, Golfing Taurus, Scarlet Mimic

Scarlet Mimic is a threat group that has targeted minority rights activists. This group has not been directly linked to a government source, but the group’s motivations appear to overlap with those of the Chinese government. While there is some overlap between IP addresses used by Scarlet Mimic and Putter Panda, it has not been concluded that the groups are the same. (Scarlet Mimic Jan 2016)

🌍 Country China
📅 Activity 2016 - 2016
⚑ Risk Level High
🧭 ATT&CK G0029


Activities and Tactics

Targeted Sectors: Activists

Country of Origin: 🇨🇳 China

Risk Level: High

First Seen: 2016

Last Activity: 2016

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

ATT&CK technique IDs (denormalized)

Notable Indicators of Compromise (IOCs)

No atomic indicators are listed in this profile. The APTnotes snapshot indexes 1 public report that may contain IOCs; see Source Attribution for dataset links.

Malware and Tools

  • SHIPSHAPE
  • China Chopper
  • FakeM
  • Psylo
  • MobileOrder

MITRE ATT&CK Software

Attribution and Evidence

Country of Origin: China

Additional attribution information pending cataloguing.

References

[1] mitre-attack

[3] Scarlet Mimic Jan 2016: Falcone, R. and Miller-Osborn, J. (2016, January 24). Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists. Retrieved February 10, 2016.