SombRAT Analisi

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (15)

Linguaggio

es	6
en	6
fr	2
zh	2

Nazione

cl	6
cn	6
fr	2
us	2

Attori

SombRAT	3
Darktrack RAT	1

Interesse

Genere

Network Management Software	6
Operating System	4
Packet Analyzer Software	2
Not Defined	2

Fornitore

Not Defined	4
HP	4
Microsoft	4
HPE	2

Prodotto

Microsoft Windows	4
Wireshark	2
HP Integrated Lights-Out	2
TrackR Bravo App	2
HPE System Management Homepage	2

Vulnerabilità

#	Vulnerabilità	Base	Temp	0day	Oggi	Sfr	Con	EPSS	CTI	CVE
1	Oracle PeopleSoft Enterprise PeopleTools Integration Broker escalazione di privilegi	6.5	5.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00799	0.05	CVE-2017-3548
2	Microsoft Windows win32k.sys xxxMenuWindowProc denial of service	5.5	5.0	$5k-$25k	$0-$5k	Proof-of-Concept	Unavailable	0.00000	0.03
3	WSO2 API Manager File Upload escalazione di privilegi	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.97255	0.02	CVE-2022-29464
4	Wireshark DNP Dissector denial of service	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00242	0.00	CVE-2021-22235
5	Siemens SICAM PAS/SICAM PQS escalazione di privilegi	8.3	8.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00047	0.01	CVE-2022-43722
6	Microsoft Windows TCP/IP Remote Code Execution	9.8	8.9	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.27975	0.00	CVE-2022-34718
7	Microsoft Windows Common Log File System Driver Privilege Escalation	8.1	7.4	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00125	0.02	CVE-2022-37969
8	Yoast SEO Plugin REST Endpoint posts rivelazione di un 'informazione	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00173	0.04	CVE-2021-25118
9	TrackR Bravo App Cloud API Authentication Password escalazione di privilegi	6.0	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00169	0.00	CVE-2016-6538
10	HP Integrated Lights-Out IPMI Protocol escalazione di privilegi	8.2	8.0	$5k-$25k	$0-$5k	High	Workaround	0.27196	0.02	CVE-2013-4786
11	lighttpd Log File http_auth.c escalazione di privilegi	7.5	7.1	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01123	0.03	CVE-2015-3200
12	HP System Management Homepage denial of service	5.0	4.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00289	0.02	CVE-2010-1034
13	HPE System Management Homepage escalazione di privilegi	9.8	9.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01960	0.06	CVE-2016-1995
14	HPE System Management Homepage escalazione di privilegi	7.7	7.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00066	0.00	CVE-2016-1996

IOC - Indicator of Compromise (23)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	indirizzo IP	Hostname	Attore	Identified	Genere	Fiducia
1	19.134.94.227		SombRAT	03/03/2022	verified	Alto
2	22.58.50.80		SombRAT	03/03/2022	verified	Alto
3	30.24.7.206		SombRAT	03/03/2022	verified	Alto
4	51.89.50.152	ip152.ip-51-89-50.eu	SombRAT	03/03/2022	verified	Alto
5	57.219.0.1		SombRAT	03/03/2022	verified	Alto
6	XX.XXX.XX.XX		Xxxxxxx	03/03/2022	verified	Alto
7	XX.XX.XX.XX	x-xx-xx-xx-xx.xxxx.xx.xxxxxxx.xxx	Xxxxxxx	03/03/2022	verified	Alto
8	XX.XX.XXX.XX	xx.xxx.xx.xx.xxx.xxx.xxx	Xxxxxxx	03/03/2022	verified	Alto
9	XX.XXX.XXX.XX	xx-xxx-xxx-xx.xxxxxxx.xxx.xxxxxx.xxx	Xxxxxxx	03/03/2022	verified	Alto
10	XX.XXX.XX.XX		Xxxxxxx	03/03/2022	verified	Alto
11	XXX.XXX.XXX.XXX	xxxx-xxx-xxx-xxx.xxxxxxxxx.xx	Xxxxxxx	03/03/2022	verified	Alto
12	XXX.XX.XXX.XXX		Xxxxxxx	03/03/2022	verified	Alto
13	XXX.XXX.XX.XXX	xxx-xxx-xx-xxx.xxx.xxxx.xx.xx	Xxxxxxx	03/03/2022	verified	Alto
14	XXX.XX.XX.XXX	xxxxxxx.xxxxxx.xxx	Xxxxxxx	03/03/2022	verified	Alto
15	XXX.XX.XXX.XXX		Xxxxxxx	03/03/2022	verified	Alto
16	XXX.XXX.XXX.XXX		Xxxxxxx	03/03/2022	verified	Alto
17	XXX.XXX.XX.XXX	xxx.xx.xxx.xxx.xxxxx.xxx.xxx.xxxxxx.xxx.xx	Xxxxxxx	03/03/2022	verified	Alto
18	XXX.XX.XX.XX		Xxxxxxx	03/03/2022	verified	Alto
19	XXX.XX.XXX.XXX		Xxxxxxx	03/03/2022	verified	Alto
20	XXX.XX.XX.XX		Xxxxxxx	03/03/2022	verified	Alto
21	XXX.XXX.XXX.XX		Xxxxxxx	03/03/2022	verified	Alto
22	XXX.XXX.XXX.XX		Xxxxxxx	03/03/2022	verified	Alto
23	XXX.XXX.XX.XX		Xxxxxxx	03/03/2022	verified	Alto

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilità	Accesso al vettore	Genere	Fiducia
1	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Alto
2	T1059.007	CWE-79	Cross Site Scripting	predictive	Alto
3	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
4	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Alto
6	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
7	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (3)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Genere	Fiducia
1	File	http_auth.c	predictive	Media
2	File	xx/xx/xxxxx	predictive	Media
3	Library	xxxxxx.xxx	predictive	Media

Referenze (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrecedenteVisione D'insiemeIl prossimo ▸

Do you know our Splunk app?

Download it now for free!