This repository is a compilation of all Russian, Chinese, Iranian and North Koreans APT simulations that target many vital sectors,both private and governmental. The simulation includes written tools, C2 servers, backdoors, exploitation techniques, stagers, bootloaders, and many other tools that attackers might have used in actual attacks. These tools and TTPs are simulated here. I relied on Palo Alto Networks Unit 42, Kaspersky, Microsoft, Cisco, Trellix, CrowdStrike and WithSecure to figure out the details to make this simulations.
Caution
It's essential to note that this project is for educational and research purposes only, and any unauthorized use of it could lead to legal consequences.
The names of APT groups vary from one company to another, and in this simulations I have followed the names approved by CrowdStrike.
| Country | Russia 🇷🇺 |
China 🇨🇳 |
North Korea 🇰🇵 |
Iran 🇮🇷 |
|---|---|---|---|---|
| APT Groups | Cozy Bear (APT29) ✅ | Mustang Panda ✅ | Labyrinth Chollima ✅ | Helix Kitten |
| Voodoo Bear (APT44) ✅ | Lotus Panda | Velvet Chollima ✅ | Pioneer Kitten | |
| Fancy Bear (APT28) ✅ | Wicked Panda (APT41) ✅ | Famous Chollima | Clever Kitten | |
| Energetic Bear ✅ | Goblin Panda | Silent Chollima | Static Kitten | |
| Berserk Bear ✅ | Anchor Panda | Ricochet Chollima | Tracer Kitten | |
| Gossamer Bear ✅ | Deep Panda | Stardust Chollima | Nemesis Kitten | |
| Primitive Bear ✅ | Samurai Panda | Spectral Kitten | ||
| Ember Bear ✅ | Phantom Panda | |||
| Venomous Bear ✅ | Sunrise Panda | |||
| Ethereal Panda |
All of this adversary simulation is powered by Bear-C2.
https://github.com/S3N4T0R-0X0/BEAR
This is for research, awareness, and educational purposes, I am not responsible if anyone uses this technique for illegal purposes.