Description
[Crimson](https://attack.mitre.org/software/S0115) is a remote access Trojan that has been used by [Transparent Tribe](https://attack.mitre.org/groups/G0134) since at least 2016.(Citation: Proofpoint Operation Transparent Tribe March 2016)(Citation: Kaspersky Transparent Tribe August 2020)
External References
Techniques Used by This Malware
- T1005 — Data from Local System
- T1012 — Query Registry
- T1016 — System Network Configuration Discovery
- T1025 — Data from Removable Media
- T1033 — System Owner/User Discovery
- T1041 — Exfiltration Over C2 Channel
- T1056.001 — Keylogging
- T1057 — Process Discovery
- T1059.003 — Windows Command Shell
- T1070.004 — File Deletion
- T1071.001 — Web Protocols
- T1082 — System Information Discovery
- T1083 — File and Directory Discovery
- T1091 — Replication Through Removable Media
- T1095 — Non-Application Layer Protocol
- T1105 — Ingress Tool Transfer
- T1112 — Modify Registry
- T1113 — Screen Capture
- T1114.001 — Local Email Collection
- T1120 — Peripheral Device Discovery
- T1123 — Audio Capture
- T1124 — System Time Discovery
- T1125 — Video Capture
- T1140 — Deobfuscate/Decode Files or Information
- T1497.003 — Time Based Evasion
- T1518.001 — Security Software Discovery
- T1547.001 — Registry Run Keys / Startup Folder
- T1555.003 — Credentials from Web Browsers
- T1614 — System Location Discovery