CrimsonIAS

According to ThreatConnect, CrimsonIAS is a Delphi-written backdoor dating back to at least 2017. It enables operators to run command line tools, exfiltrate files, and upload files to the infected machine. CrimsonIAS is notable as it listens for incoming connections only; making it different from typical Windows backdoors that beacons out.

Family metadata imported from Malpedia (Fraunhofer FKIE).