This repository is a compilation of all Russian, Chinese, Iranian and North Koreans APT simulations that target many vital sectors,both private and governmental. The simulation includes written tools, C2 servers, backdoors, exploitation techniques, stagers, bootloaders, and many other tools that attackers might have used in actual attacks. These tools and TTPs are simulated here. I relied on Palo Alto Networks Unit 42, Kaspersky, Microsoft, Cisco, Trellix, CrowdStrike and WithSecure to figure out the details to make this simulations.
Caution
It's essential to note that this project is for educational and research purposes only, and any unauthorized use of it could lead to legal consequences.
These are all the names of the APT groups, and I simulated one attack for each group.
RUSSIA🇷🇺️
- Cozy Bear APT29 ✅️
- Fancy Bear APT28 ✅️
- Energetic Bear ✅️
- Berserk Bear ✅️
- Gossamer Bear ✅️
- Voodoo Bear APT44 ✅️
- Ember Bear ✅️
- Venomous Bear ✅️
- Primitive Bear ✅️
China🇨🇳️
- Mustang Panda ✅️
- Wicked Panda APT41
- Goblin Panda
- Anchor Panda
- Deep Panda
- Samurai Panda
- Phantom Panda
- Sunrise Panda
- Ethereal Panda
North Korea🇰🇵️
- Labyrinth Chollima ✅️
- Stardust Chollima
- Silent Chollima
- Ricochet Chollima
- Velvet Chollima
- Famous Chollima
Iran🇮🇷️
- Helix Kitten
- Clever Kitten
- Static Kitten
- Tracer Kitten
- Nemesis Kitten
- Spectral Kitten
All of this adversary simulation is powered by Bear-C2.
https://github.com/S3N4T0R-0X0/BEAR
Disclaimer: This is for research, awareness, and educational purposes, I am not responsible if anyone uses this technique for illegal purposes.