Scarlet Mimic

Scarlet Mimic is a threat group that has targeted minority rights activists. This group has not been directly linked to a government source, but the group's motivations appear to overlap with those of the Chinese government. While there is some overlap between IP addresses used by Scarlet Mimic and Putter Panda, it has not been concluded that the groups are the same. ^[1]

ID: G0029

Aliases: Scarlet Mimic

Version: 1.0

Alias Descriptions

Name	Description
Scarlet Mimic	^[1]

Software

ID	Name	Techniques
S0077	CallMe	Command-Line Interface, Exfiltration Over Command and Control Channel, Remote File Copy, Standard Cryptographic Protocol
S0076	FakeM	Custom Cryptographic Protocol, Data Obfuscation, Input Capture, Standard Application Layer Protocol, Standard Cryptographic Protocol
S0079	MobileOrder	Browser Bookmark Discovery, Data from Local System, Exfiltration Over Command and Control Channel, File and Directory Discovery, Process Discovery, Remote File Copy, Standard Cryptographic Protocol, System Information Discovery, Uncommonly Used Port
S0078	Psylo	Exfiltration Over Command and Control Channel, File and Directory Discovery, Remote File Copy, Standard Application Layer Protocol, Timestomp

References

Falcone, R. and Miller-Osborn, J.. (2016, January 24). Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists. Retrieved February 10, 2016.