SombRAT Analysis

IOB - Indicator of Behavior (15)

Languages

en (8)
es (4)
zh (2)
fr (2)

Products

Wireshark (2)
Siemens SICAM PAS (2)
Siemens SICAM PQS (2)
Oracle PeopleSoft Enterprise PeopleTools (2)
HPE System Management Homepage (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | Oracle PeopleSoft Enterprise PeopleTools Integration Broker privilege escalation | 6.5 | 5.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00799 | 0.05 | CVE-2017-3548
2 | Microsoft Windows win32k.sys xxxMenuWindowProc denial of service | 5.5 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Unavailable | 0.00000 | 0.03 |
3 | WSO2 API Manager File Upload privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | High | Not Defined | 0.97311 | 0.04 | CVE-2022-29464
4 | Wireshark DNP Dissector denial of service | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00242 | 0.00 | CVE-2021-22235
5 | Siemens SICAM PAS/SICAM PQS privilege escalation | 8.3 | 8.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00047 | 0.01 | CVE-2022-43722
6 | Microsoft Windows TCP/IP Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.23993 | 0.00 | CVE-2022-34718
7 | Microsoft Windows Common Log File System Driver Privilege Escalation | 8.1 | 7.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00125 | 0.00 | CVE-2022-37969
8 | Yoast SEO Plugin REST Endpoint posts information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00123 | 0.04 | CVE-2021-25118
9 | TrackR Bravo App Cloud API Authentication Password privilege escalation | 6.0 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 0.00 | CVE-2016-6538
10 | HP Integrated Lights-Out IPMI Protocol privilege escalation | 8.2 | 8.0 | $5k-$25k | $0-$5k | High | Workaround | 0.27196 | 0.00 | CVE-2013-4786
11 | lighttpd Log File http_auth.c privilege escalation | 7.5 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01123 | 0.00 | CVE-2015-3200
12 | HP System Management Homepage denial of service | 5.0 | 4.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00289 | 0.00 | CVE-2010-1034
13 | HPE System Management Homepage privilege escalation | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01960 | 0.05 | CVE-2016-1995
14 | HPE System Management Homepage privilege escalation | 7.7 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00066 | 0.00 | CVE-2016-1996

IOC - Indicator of Compromise (23)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerability | Access Vector | Type | Confidence
1 | T1055 | CAPEC-10 | CWE-74 Improper Neutralization of Data within XPath Expressions | | | predictive
2 | T1059.007 | CAPEC-209 | CWE-79 Cross Site Scripting | | | predictive
3 | TXXXX | CAPEC-122 | CWE-XXX, CWE-XXX Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | | | predictive
4 | TXXXX | CAPEC- | CWE-XXX Xxxxxxxxxxx Xxxxxxxxxx | | | predictive
5 | TXXXX | CAPEC-38 | CWE-XXX Xxxxxxxxx Xxxxxx Xxxx | | | predictive
6 | TXXXX | CAPEC-116 | CWE-XXX Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | | | predictive
7 | TXXXX.XXX | CAPEC-1 | CWE-XXX Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | | | predictive

IOA - Indicator of Attack (3)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | http_auth.c | | predictive
2 | File | xx/xx/xxxxx | | predictive
3 | Library | xxxxxx.xxx | | predictive

References (2)

The following list contains external sources which discuss the actor and the associated activities:
