SombRAT Analysis

IOB - Indicator of Behavior (15)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

es6
en6
zh2
fr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

lighttpd2
Oracle PeopleSoft Enterprise PeopleTools2
HPE System Management Homepage2
Microsoft Windows2
Yoast SEO Plugin2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Oracle PeopleSoft Enterprise PeopleTools Integration Broker access control6.55.9$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.040.00799CVE-2017-3548
2Microsoft Windows win32k.sys xxxMenuWindowProc denial of service5.55.0$5k-$25k$0-$5kProof-of-ConceptUnavailable0.050.00000
3WSO2 API Manager File Upload unrestricted upload9.89.8$0-$5k$0-$5kNot DefinedNot Defined0.020.97146CVE-2022-29464
4Wireshark DNP Dissector denial of service5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.000.00242CVE-2021-22235
5Siemens SICAM PAS/SICAM PQS uncontrolled search path8.38.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.010.00047CVE-2022-43722
6Microsoft Windows TCP/IP Remote Code Execution9.88.9$25k-$100k$5k-$25kUnprovenOfficial Fix0.020.28837CVE-2022-34718
7Microsoft Windows Common Log File System Driver Privilege Escalation8.17.4$25k-$100k$5k-$25kUnprovenOfficial Fix0.020.00128CVE-2022-37969
8Yoast SEO Plugin REST Endpoint posts information disclosure3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00173CVE-2021-25118
9TrackR Bravo App Cloud API Authentication Password credentials management6.05.8$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00169CVE-2016-6538
10HP Integrated Lights-Out IPMI Protocol credentials management8.28.0$5k-$25k$0-$5kHighWorkaround0.020.23983CVE-2013-4786
11lighttpd Log File http_auth.c injection7.57.1$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.010.01123CVE-2015-3200
12HP System Management Homepage denial of service5.04.8$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.00289CVE-2010-1034
13HPE System Management Homepage privileges management9.89.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.01960CVE-2016-1995
14HPE System Management Homepage privileges management7.77.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00066CVE-2016-1996

IOC - Indicator of Compromise (23)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (3)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1Filehttp_auth.cpredictiveMedium
2Filexx/xx/xxxxxpredictiveMedium
3Libraryxxxxxx.xxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Interested in the pricing of exploits?

See the underground prices here!