Scarlet Mimic is a threat group that has targeted minority rights activists. This group has not been directly linked to a government source, but the group's motivations appear to overlap with those of the Chinese government. While there is some overlap between IP addresses used by Scarlet Mimic and Putter Panda, it has not been concluded that the groups are the same. Disclaimer: We present this mapping to stimulate thinking about engagement activities to take advantage of the historically observed behavior of adversary, not to present all possibilities. We invite you to use this as a guide, understanding that adversary behavior is constantly changing and evolving.
Note: All ATT&CK Group sub-activity mappings have been remapped to their parent activity and were derived from Group Technique mappings in ATT&CK v8.
|ATT&CK® Technique||Adversary Vulnerability||Engagement Activity||Engagement Activity Description|
|Masquerading||When adversaries interact with network or system resources they are vulnerable to trigger tripwires or engage in easily detectable, anomalous behavior||System Activity Monitoring||Collect system activity logs that can reveal adversary activity.|