May 24, 2026
C2 Hosts: 2
Crimson RAT
Also known as: SEEDOOR, Scarimson
It was first discovered in 2017 and has since been used to attack organizations around the world. The malware is often distributed through phishing emails or by exploiting vulnerabilities in outdated security software. Once Crimson RAT is installed on a computer, it can be used to steal data, spy on users, and even take control of the infected computers.
Some of the features of Crimson RAT include:
Remote control of infected computers
Data theft, such as passwords, files, and emails
User spying
Takeover of infected computers
Locking of infected computers
Extortion of payments
Linked Threat Actors
Operation C-Major
C2 Infrastructure
Hosting/VPS 50%
ISP/Residential 50%
Last 7 days
| Date | C2 Hosts |
|---|---|
| May 24, 2026 | 2 |
Further Reading
Transparent Tribe: Evolution analysis, part 2 | Securelist
In the second article, we describe a new Android implant used by Transparent Tribe for spying on mobile devices and present new evidence confirms a link between ObliqueRAT and Transparent Tribe.
securelist.com
南亚APT组织“透明部落”在移动端上与对手的较量
研究员在日常的威胁分析运营过程中,捕获到Android平台上一款新型的恶意RAT,基于该家族C2的特点,我们将其命名为Tahorse。
secrss.com
Analysis of top non-HTTP/S threats | Zscaler Blog
In this article, Zscaler security research team dissect the custom protocols used in some of the most prevalent RATs seen in recent campaigns. Read more.
zscaler.com