CrimsonRAT
CrimsonRAT APT36 Transparent Tribe Pakistan 2017. ICWA Mumbai India diplomatic lure. java-for-minecraft.com. .NET+Delphi.
Threat Profile
Type: RAT
Programming Language: .NET
C2 Protocol: TCP
First Seen: 2018
Targets
India, Pakistan (government, defense, think tank)
Purpose / Capabilities
- Cyber Espionage
- File Theft
- Remote Access
C2 Servers 2
2 Active
| Address | Port | Protocol | Status | Action |
|---|---|---|---|---|
| java-for-minecraft.com | 80 | HTTP | Active | |
| java-for-minecraft.com | 80 | HTTP | Active | |
⚠ C2 addresses are shared solely for threat intelligence and defensive purposes. Unauthorized access to these addresses constitutes a criminal offense.
Research Reports (3)
CrimsonRAT/APT36 -- ICWA India Diplomatic Invitation Letter Lure, java-for-minecraft.com | Critical
CrimsonRAT APT36 Transparent Tribe 4.7MB. Invitation-Letter-Fazel-Mumbai-House-ICWA lure. java-for-minecraft.com fake Java.

CrimsonRAT -- Mumbai Invitation Letter Lure, java-for-minecraft.com C2, Indian APT | Critical
CrimsonRAT ISO. Mumbai invitation letter lure. CLEARTEXT C2: java-for-minecraft.com. Indian APT targeting.

CrimsonRAT ISO Dropper -- APT36 ICWA India Lure, TLauncher Persistence, PowerShell Unblock | Critical
CrimsonRAT ISO dropper: APT36 targeted ICWA India think-tank invitation, TLauncher.exe persistence, PowerShell Unblock-File bypass.