Perform automated breach emulations by imitating real malware with RedMimicry. The malware emulation includes network and host based indicators of compromise. Use RedMimicry to challenge endpoint and network intrusion detection and network intrusion prevention tools, or test the overall visibility, alerting and response capabilities in a larger network.

In order to provide a standardized taxonomy for the actions carried out, events are reported with the corresponding MITRE ATT&CK techniques.

Besides performing automated breach emulations RedMimicry agents can be used to manually interact with the target system by using the integrated shell.

Since RedMimicry is distributed as a single binary, it is trivial to deploy and setup.

The first release emulates the Winnti malware variant from around 2015 as used by Wicked Panda. In order to read up on the specific techniques implemented in the RedMimicry Winnti release take a look at the blogpost RedMimicry - Winnti Emulation.

Stay tuned for new malware emulation profiles and additional features

RedMimicry is a non-commercial private software project. In order to learn how to get access to RedMimicry head over to Download.


A short demonstration video of a breach emulation conducted by RedMimicry:

Demo Video


Thank you to ciko (who by the way runs a blog at for helping me out with the frontend code. Additional thanks goes to all the people testing and providing feedback for RedMimicry.