🔍 Tool: APTs Adversary Simulation

hasamba@infosec.exchange

----------------

Tool: APTs Adversary Simulation
===================

This repository aggregates detailed adversary simulation campaigns that mirror tactics, techniques and procedures (TTPs) attributed to state-sponsored APT groups from Russia, China, Iran and North Korea. The collection documents multiple simulated campaigns and includes artifacts such as custom command-and-control (C2) components, backdoors, stagers, bootloaders and other payloads. Research sources referenced in the collection include major industry reports from Palo Alto Unit 42, Kaspersky, Microsoft, Cisco, Trellix, CrowdStrike and WithSecure.

Structure and contents
• Cataloged APT simulations aligned with CrowdStrike-style group names and taxonomy. Group simulations listed include multiple “Bear” variants for Russia and several “Panda” variants for Chinese actors, plus DPRK and Iranian-themed simulations.
• Artifact types enumerated in the repository include C2 servers and protocols, custom backdoor implants, initial stagers, secondary loaders/bootloaders and supporting scripts or tooling intended to emulate post-exploitation activity.
• Metadata and descriptive notes map simulated behaviors to observable TTPs and reference vendor reporting where applicable, enabling defenders to correlate simulation steps with published detections.

Technical scope (what is present, not how-to)
• Emulated network components for C2 communications and session management.
• Multiple binary and scripting artifacts representing stagers and backdoors, designed to reflect operational patterns observed in public APT reporting.
• Behavioral sequences and campaign outlines that describe chain-of-actions executed by the simulated actors.

Attack chain summary
• Initial Access — Simulated vectors and initial stagers representing entry methods.
• Download — Artifacts and payload delivery stages mimicking secondary payload retrieval.
• ️ Execution — Stagers and loaders that transition payloads into memory or disk execution.
• 🦠 Infection — Backdoor implants and persistence mechanisms used to emulate sustained presence.
• Exfiltration — Descriptions of simulated data staging and exfiltration patterns where included.

Limitations and intent

The repository is presented explicitly for educational, research and defensive security purposes. It documents emulated offensive behaviors based on public reports and is not a source of exploitation guidance. No installation, execution or deployment instructions are provided within this summary.

MITRE_ATT&CK #C2 #adversary_simulation #APT #backdoor

Source: https://github.com/S3N4T0R-0X0/APTs-Adversary-Simulation/tree/main/Iranian%20APT/Static%20Kitten