Crimson

Malware Profile Updated a month ago
Crimson is malware that has been in active use in cyberattacks since 2013. It was notably deployed by ProjectM, a cybercriminal group known for its extensive use of malware such as Crimson RAT, Capra RAT, and Oblique RAT in its campaigns. The malware was distributed through various channels, including suspicious downloads, emails, and websites. In one notable instance, an advertisement hosted on "sahirlodhi[.]com" was also used by ProjectM as a download location for a sample of the Crimson tool. Additionally, an India-themed blog bore a striking resemblance to the India News Tribe blog (intribune[.]blogspot[.]com), which ProjectM used in Operation Transparent Tribe to deliver Crimson payloads.

Crimson has demonstrated significant capabilities, including stealing personal information, disrupting operations, and potentially holding data hostage for ransom. During research, the registration information of the Andromeda, Crimson, and Peppy Trojan command-and-control domains used by ProjectM was analyzed. A notable component of the malware is the USB Worm, designed to steal files from removable drives, spread by infecting removable media, and download and execute the "Thin Client" component from a remote Crimson server.

The following statements concern Red Lion's Crimson industrial configuration software (see the CISA "Red Lion Crimson" reference below), a different product that shares the name: passwords entered via the Crimson system web server do not suffer from this vulnerability, and the Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device, again without being affected by the aforementioned vulnerability.

In a recent incident, the Alabama Crimson Tide football team expressed concerns over potential hacking threats related to the Crimson malware. In preparation for the College Football Playoff semifinal against Michigan, the team restricted its players' game-film viewing on iPads because of these concerns, a decision that caused quite a stir at the Rose Bowl. However, Alabama head coach Nick Saban downplayed the concerns about iPads and the Catapult system.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Rat
Trojan
Exploit
Vulnerability
Associated Malware
No associations to display
Associated Threat Actors
ID / Type / Votes / Profile Description

APT36 (type: Unspecified, votes: 4): APT36, also known as Transparent Tribe and Earth Karkaddan, is a threat actor suspected to be based in Pakistan and has been active since at least 2013. This group has been involved in cyberespionage activities, deploying an array of espionage and data exfiltration tools primarily compatible with th

Transparent Tribe (type: Unspecified, votes: 4): Transparent Tribe is a threat actor known for conducting malicious campaigns against organizations in South Asia. The group has been linked to the ObliqueRAT malware and CrimsonRAT through its infrastructure, which includes the domains vebhost[.]com, zainhosting[.]net/com, and others. The group has
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Crimson malware was read from the documents corpus below. This display is limited to 20 results.
Source / Created / Title

MITRE (a year ago): Transparent Tribe: Evolution analysis, part 1 | Securelist
MITRE (a year ago): ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe
InfoSecurity-magazine (a year ago): Pakistan-Aligned Hackers Disrupt Indian Education Sector
CERT-EU (a year ago): Pakistan-linked hackers target India's education sector with Crimson malware | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker – National Cyber Security Consulting
BankInfoSecurity (a year ago): APT36 Running Espionage Ops Against India's Education Sector
CISA (7 months ago): Red Lion Crimson | CISA
CERT-EU (7 months ago): Red Lion Crimson
CERT-EU (a year ago): Microsoft is giving hackers weather-themed names like storm, typhoon, and blizzard | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker – National Cyber Security Consulting
CERT-EU (a year ago): Here is why Siege's new operator Brava is going to be a game-changer with her hacking drone — SiegeGG | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker - National Cyber Security
CERT-EU (5 months ago): Jim Harbaugh responds to Alabama players not watching film on iPads due to hacking allegations | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU (3 months ago): Search | arXiv e-print repository
CERT-EU (7 months ago): NVD - CVE-2023-5719
CERT-EU (7 months ago): SideCopy's Multi-platform Onslaught: Leveraging WinRAR Zero-Day and Linux Variant of Ares RAT
CERT-EU (10 months ago): Hackers Deliver Updated STRRAT Malware Using Weaponized PDF Files
CERT-EU (a year ago): Iranian Tortoiseshell Hackers Targeting Israeli Logistics Industry - GIXtools
CERT-EU (5 months ago): Hacking Concerns Rose Bowl Teams | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting