Threat Actor Profile
Description
Scarlet Mimic is a threat group that has targeted minority rights activists. This group has not been directly linked to a government source, but the group's motivations appear to overlap with those of the Chinese government. While there is some overlap between IP addresses used by Scarlet Mimic and Putter Panda, it has not been concluded that the groups are the same. (Citation: Scarlet Mimic Jan 2016)
Confidence Score
Known Aliases
Tags
First Seen
Unknown
Last Updated
Unknown
Active Status
Active
Created
April 29, 2026
STIX Data
{'aliases': ['Scarlet Mimic'],
 'created': '2017-05-31T21:32:00.677Z',
 'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'description': '[Scarlet Mimic](https://attack.mitre.org/groups/G0029) is a '
                'threat group that has targeted minority rights activists. '
                'This group has not been directly linked to a government '
                "source, but the group's motivations appear to overlap with "
                'those of the Chinese government. While there is some overlap '
                'between IP addresses used by [Scarlet '
                'Mimic](https://attack.mitre.org/groups/G0029) and [Putter '
                'Panda](https://attack.mitre.org/groups/G0024), it has not '
                'been concluded that the groups are the same. (Citation: '
                'Scarlet Mimic Jan 2016)',
 'external_references': [{'external_id': 'G0029',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/groups/G0029'},
                         {'description': '(Citation: Scarlet Mimic Jan 2016)',
                          'source_name': 'Scarlet Mimic'},
                         {'description': 'Falcone, R. and Miller-Osborn, J.. '
                                         '(2016, January 24). Scarlet Mimic: '
                                         'Years-Long Espionage Campaign '
                                         'Targets Minority Activists. '
                                         'Retrieved February 10, 2016.',
                          'source_name': 'Scarlet Mimic Jan 2016',
                          'url': 'http://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/'}],
 'id': 'intrusion-set--c5574ca0-d5a4-490a-b207-e4658e5fd1d7',
 'modified': '2025-04-25T14:49:45.222Z',
 'name': 'Scarlet Mimic',
 'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
 'spec_version': '2.1',
 'type': 'intrusion-set',
 'x_mitre_attack_spec_version': '3.2.0',
 'x_mitre_deprecated': False,
 'x_mitre_domains': ['enterprise-attack'],
 'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'x_mitre_version': '1.2'}