APT / THREAT GROUP
Crimson RAT
4
aliases
Last seen:Mar 17, 2026
Intelligence Profile
It was first discovered in 2017 and has since been used to attack organizations around the world. The malware is often distributed through phishing emails or by exploiting vulnerabilities in outdated security software. Once Crimson RAT is installed on a computer, it can be used to steal data, spy on users, and even take control of the infected computers.
Some of the features of Crimson RAT include:
Remote control of infected computers
Data theft, such as passwords, files, and emails
User spying
Takeover of infected computers
Locking of infected computers
Extortion of payments
Threat Analysis
Crimson RAT is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
External References
Quick Facts
TypeAPT / Threat Group
Aliases4
Also Known As
win.crimsonScarimsonSEEDOORCrimson RAT
External Intelligence
Malpedia: win.crimsonResearch Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.