216.73.217.22

Crimson

· Published 21/12/2025 00:01 · Modified 21/12/2025 00:01 · Source: AlienVault

Essential information

Confidence
100/100
Published
21/12/2025 00:01
Modified
21/12/2025 00:01
Updated at
21/12/2025 00:01
Revoked
No
Author / Source
AlienVault
Resource level
Primary motivation
Related entities
9 attack patterns (mitre), 2 malware, 3 sectors, 1 countries, 13 indicators

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.

Attack patterns (MITRE) (9)

  • T1547 uses
    Boot or Logon Autostart Execution
  • T1140 uses
    Deobfuscate/Decode Files or Information
  • T1127 uses
    Trusted Developer Utilities Proxy Execution
  • T1102 uses
    Web Service
  • T1027 uses
    Obfuscated Files or Information
  • T1566 uses
    Phishing
  • T1531 uses
    Account Access Removal
  • Inter-Process Communication uses
    T1559
  • T1113 uses
    Screen Capture

Malware (2)

  • Transparent Tribe
  • Crimson

Sectors (3)

  • Education targets
  • Defense ministries (including the military) targets
  • Government targets

Countries (1)

  • India targets

Indicators (13)

  • richa-sharma.ddns.net indicates
  • 32c2f8d068172457b33db145bc409a43df1175aaca30e2ac11d9b51c20bc807a indicates
  • cloud-drive.store indicates
  • drive-phone.online indicates
  • 5d2b37c02e60bbed036c9bb6e4f2c75de6e42c03b69c713c33d3b9325ed1b1ea indicates
  • e44864bc4f93bab943a71540af5a343cc186c078e6da79995e60fff22c12f129 indicates
  • 96c2ca2f52d3902cd7a91d1a2180098ee2d1d8b18c8f1c929ed977f0b10ea227 indicates
  • s1.fileditch.ch indicates
  • sunnyleone.hopto.org indicates
  • phone-drive.online indicates
  • 83494953bb6fc04774efe41ba5013ff2500feb0ea6e3a29bbcbf89ae4e9e8727 indicates
  • b74250a2259c947073225bbb24f11f4239d0ea4dabc45f4a40a4bbd46793fa6b indicates
  • 2006af8ccfa3a4511664c48c867d6b2325d9672ccbd7bc254d8068d13ee55110 indicates