This repository is a compilation of Russian, Chinese, Iranian and North Korean APT simulations that target many vital sectors, both private and governmental. Each simulation includes custom-written tools, C2 servers, backdoors, exploitation techniques, stagers, bootloaders, and other tooling of the kind the attackers are reported to have used in real intrusions. These tools and TTPs are reproduced here as simulations, not as the original malware. The details of each campaign were taken from public reporting by Palo Alto Networks Unit 42, Kaspersky, Microsoft, Cisco, Trellix, CrowdStrike and WithSecure.
Caution
It's essential to note that this project is for educational and research purposes only, and any unauthorized use of it could lead to legal consequences.
The names of APT groups vary from one vendor to another; in these simulations I have followed the naming used by CrowdStrike.
The table below lists the APT groups by country. Each simulated group gets one attack chain, and a ✅ marks the groups for which a simulation is currently available.
| Country | Russia 🇷🇺 | China 🇨🇳 | North Korea 🇰🇵 | Iran 🇮🇷 |
|---|---|---|---|---|
| APT Groups | Cozy Bear (APT29) ✅ | Mustang Panda ✅ | Labyrinth Chollima ✅ | Helix Kitten |
| | Fancy Bear (APT28) ✅ | Wicked Panda (APT41) ✅ | Stardust Chollima | Clever Kitten |
| | Energetic Bear ✅ | Goblin Panda | Silent Chollima | Static Kitten |
| | Berserk Bear ✅ | Anchor Panda | Ricochet Chollima | Tracer Kitten |
| | Gossamer Bear ✅ | Deep Panda | Velvet Chollima | Nemesis Kitten |
| | Voodoo Bear (APT44) ✅ | Samurai Panda | Famous Chollima | Spectral Kitten |
| | Ember Bear ✅ | Phantom Panda | | |
| | Venomous Bear ✅ | Sunrise Panda | | |
| | Primitive Bear ✅ | Ethereal Panda | | |
All of these adversary simulations are powered by Bear-C2: https://github.com/S3N4T0R-0X0/BEAR
Disclaimer: This project is for research, awareness, and educational purposes only. I am not responsible if anyone uses these techniques for illegal purposes.