
Malware

S0115

Crimson

Type

Remote Access Trojan (RAT)

Associated threat actors

Transparent Tribe (APT36)

Key Capabilities

Provides remote access to and control over a victim’s system for system control and data exfiltration.

OS Targeted

Windows

IoCs on Maltiverse

Maltiverse provides updated IoCs for easy SIEM/SOAR/Firewall/EDR integration.

What is Crimson?

Crimson (S0115) is a Remote Access Trojan (RAT) used by the APT group Transparent Tribe (APT36).

The primary function of Crimson is to give the threat actor remote access to and control over a victim's machine. Once installed, it can be used for espionage, data exfiltration, and deploying additional malicious payloads on the compromised system.

How to Defend Against Crimson?

Defending against RATs like Crimson requires a focus on both prevention and detection of command-and-control (C2) activity.

  • Be cautious with email attachments and links, as phishing is a primary delivery vector for this malware.
  • Keep all software and operating systems patched to limit the vulnerabilities that can be exploited for initial access.
  • Deploy endpoint detection and response (EDR) to detect and block the execution of known RATs and their behaviors.
  • Use network detection and response (NDR) with integrated threat intelligence to spot and block C2 communications associated with Transparent Tribe.
