Crimson
Essential information
- Confidence
- 100/100
- Is family
- Yes
- Published
- 31/05/2017 23:33
- Modified
- 27/03/2026 01:03
- Revoked
- No
- Author / Source
- The MITRE Corporation
- Related entities
- 42 attack patterns (mitre), 3 intrusion sets (apt), 3 sectors, 2 countries, 16 indicators, 1 vulnerabilities (cve), 1 campaign, 1 campaigns
Aliases
MSIL/Crimson
Description
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (42)
Intrusion sets (APT) (3)
-
The MITRE Corporation Confidence 100
[Transparent Tribe](https://attack.mitre.org/groups/G0134) is a suspected Pakistan-based threat group that has been active since at least 2013, primarily targeting diplomatic, defense, and research organizations in India and Afghanistan.(Citation: Proofpoint…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[APT28](https://attack.mitre.org/groups/G0007) is a threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165.(Citation: NSA/FBI Drovorub…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Crimson usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Sectors (3)
-
Government targets
-
Education targets
-
Defense ministries (including the military) targets
Countries (2)
-
India targets
-
Ukraine targets
Indicators (16)
-
stix 100/100 Revoked
Win.Spyware.CrimsonRat-9859243-0 SHA256 of 87e0ea08713a746d53bef7fb04632bfcd6717fa9
· Valid until 16/07/2024 · Source: AlienVault -
stix 100/100 Revoked
Win.Backdoor.CrimsonRAT-9953760-0 SHA256 of 973cb3afc7eb47801ff5d2487d2734ada6b4056f
· Valid until 16/07/2024 · Source: AlienVault -
stix 100/100 Revoked
Win.Spyware.CrimsonRat-9859243-0 SHA256 of 911226d78918b303df5110704a8c8bb599bcd403
· Valid until 16/07/2024 · Source: AlienVault -
stix 100/100 Revoked· Valid until 03/12/2023 · Source: AlienVault
-
stix 100/100 Revoked
#Lowfi:Lua:Mampa:99!ml SHA256 of fd46411b315beb36926877e4b021721fcd111d7a
· Valid until 16/07/2024 · Source: AlienVault -
stix 100/100 Revoked· Valid until 19/01/2025 · Source: AlienVault
-
stix 100/100 Revoked
SHA256 of 516db7998e3bf46858352697c1f103ef456f2e8e
· Valid until 16/07/2024 · Source: AlienVault -
stix 100/100 Revoked
SHA256 of e000596ad65b2427d7af3313e5748c2e7f37fba7
· Valid until 16/07/2024 · Source: AlienVault
Vulnerabilities (CVE) (1)
RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file …
- Attack vector
- Local
- Published
- 24/08/2023
- Modified
- 27/05/2026
Campaign (1)
-
C0011 uses
Campaigns (1)
-
C0011