MCPcopy Create free account
hub / github.com/S3N4T0R-0X0/APTs-Adversary-Simulation

github.com/S3N4T0R-0X0/APTs-Adversary-Simulation @main

Chat with this repo
repository ↗ · DeepWiki ↗ · + Follow
204 symbols 488 edges 33 files 36 documented · 18% updated 7d ago★ 1,092

Browse by type

Functions 191 Types & classes 13
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

APTs Adversary Simulation

Adversary Simulation APT Simulation MITRE ATT&CK TTPs Red Team

A comprehensive collection of simulated Advanced Persistent Threat (APT) attacks based on real world tactics, techniques, and procedures (TTPs) used by state sponsored APT Groups from Russia, China, Iran, and North Korea

imageedit_1_3882451879

[!CAUTION] Important Notice: This project is strictly for educational, research, and defensive security purposes only. Unauthorized use of these techniques may violate laws and result in serious legal consequences.

🧠 Overview

This repository contains detailed adversary simulation APT campaigns targeting various critical sectors. Each simulation includes custom tools, command and control (C2) servers, backdoors, exploitation techniques, stagers, bootloaders, and other malicious artifacts that mirror those used in real world attacks. The simulations are based on extensive research from leading cybersecurity firms, including Palo Alto Unit 42, Kaspersky, Microsoft, Cisco, Trellix, CrowdStrike, and WithSecure.

Learn More About the Importance and Outcomes of the Experience: - Why Adversary Simulation? - Understanding the strategic value of simulating advanced threats - Adversary Simulation VS Adversary Emulation - Key differences and when to use each approach - How do I simulate an APT - Adversary Simulation Is Not a Methodology It's the Outcome of Experience

🎯 Simulated APT Groups

The naming convention for APT groups follows CrowdStrike's taxonomy.

photo_2025-11-09_04-26-38

Below is the complete list of simulated APT Groups:

Country of Origin Russia 🇷🇺 China 🇨🇳 North Korea 🇰🇵 Iran 🇮🇷
APT Groups Cozy Bear ✅

Voodoo Bear ✅

Fancy Bear ✅

Energetic Bear ✅

Berserk Bear ✅

Gossamer Bear ✅

Primitive Bear ✅

Ember Bear ✅

Venomous Bear ✅ | Mustang Panda ✅

Glacial Panda

Wicked Panda ✅

Goblin Panda

Anchor Panda

Deep Panda

Samurai Panda

Phantom Panda

Sunrise Panda

Ethereal Panda | Labyrinth Chollima ✅

Velvet Chollima ✅

Famous Chollima ✅

Stardust Chollima ✅

Ricochet Chollima ✅

Silent Chollima ✅ | Helix Kitten

Pioneer Kitten

Clever Kitten

Static Kitten ✅

Tracer Kitten

Nemesis Kitten

Charming Kitten

Pulsar Kitten

Remix Kitten

Haywire Kitten |

🛠️ Technical Framework

All adversary simulations are powered by BEAR-C2 a custom command and control framework designed for realistic threat simulation.

Bear-C2 Framework

Always Remember: "Be The Threat To Defeat It"

📫 Contact

Telegram Twitter/X LinkedIn Reddit

Core symbols most depended-on inside this repo

Shape

Function 169
Method 22
Class 13

Languages

C++56%
Python13%
C10%
Rust7%
C#6%
PHP4%

Modules by API surface

North Koreans APT/Ricochet Chollima/payload.cpp39 symbols
Iranian APT/Static Kitten/ Actual_Payload_HTTP_XOR.cpp19 symbols
North Koreans APT/Silent Chollima/GOVERSHELL.cpp18 symbols
Russian APT/Voodoo-Bear-APT/kapeka_backdoor.cpp14 symbols
Iranian APT/Static Kitten/RustyWater/reddit/src/main.rs13 symbols
Russian APT/Ember-Bear-APT/Discord-C2.py10 symbols
Russian APT/Venomous-Bear-APT/backdoor.c9 symbols
Russian APT/APT28-Adversary-Simulation/payload.cpp7 symbols
North Koreans APT/Stardust Chollima/Fake-Global-Processing-Center.cs7 symbols
Chinese APT/Wicked Panda/MoonWalk.cpp7 symbols
Russian APT/Voodoo-Bear-APT/C2-Server.php5 symbols
Russian APT/Energetic-Bear-APT/EnergeticBear_exploit.rb5 symbols

For agents

$ claude mcp add APTs-Adversary-Simulation \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact

Ask about this repo answers extend the page