SombRAT Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (15)

Język

es	8
en	4
zh	2
fr	2

Kraj

cl	8
cn	6
fr	2

Aktorzy

SombRAT	3

Wysiłek

Rodzaj

Not Defined	4
Automation Software	2
Packet Analyzer Software	2
Operating System	2
Enterprise Resource Planning Software	2

Sprzedawca

Not Defined	4
WSO2	2
Microsoft	2
Siemens	2
Oracle	2

Produkt

WSO2 API Manager	2
WSO2 Identity Server	2
WSO2 Identity Server Analytics	2
WSO2 Identity Server as Key Manager	2
WSO2 Enterprise Integrator	2

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	Oracle PeopleSoft Enterprise PeopleTools Integration Broker privilege escalation	6.5	5.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00799	0.05	CVE-2017-3548
2	Microsoft Windows win32k.sys xxxMenuWindowProc denial of service	5.5	5.0	$5k-$25k	$0-$5k	Proof-of-Concept	Unavailable	0.00000	0.03
3	WSO2 API Manager File Upload privilege escalation	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.97255	0.02	CVE-2022-29464
4	Wireshark DNP Dissector denial of service	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00242	0.00	CVE-2021-22235
5	Siemens SICAM PAS/SICAM PQS privilege escalation	8.3	8.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00047	0.01	CVE-2022-43722
6	Microsoft Windows TCP/IP Remote Code Execution	9.8	8.9	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.27975	0.00	CVE-2022-34718
7	Microsoft Windows Common Log File System Driver Privilege Escalation	8.1	7.4	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00125	0.02	CVE-2022-37969
8	Yoast SEO Plugin REST Endpoint posts information disclosure	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00173	0.04	CVE-2021-25118
9	TrackR Bravo App Cloud API Authentication Password privilege escalation	6.0	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00169	0.00	CVE-2016-6538
10	HP Integrated Lights-Out IPMI Protocol privilege escalation	8.2	8.0	$5k-$25k	$0-$5k	High	Workaround	0.27196	0.09	CVE-2013-4786
11	lighttpd Log File http_auth.c privilege escalation	7.5	7.1	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01123	0.09	CVE-2015-3200
12	HP System Management Homepage denial of service	5.0	4.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00289	0.02	CVE-2010-1034
13	HPE System Management Homepage privilege escalation	9.8	9.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01960	0.06	CVE-2016-1995
14	HPE System Management Homepage privilege escalation	7.7	7.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00066	0.00	CVE-2016-1996

IOC - Indicator of Compromise (23)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Hostname	Aktor	Identified	Rodzaj	Pewność siebie
1	19.134.94.227		SombRAT	2022-03-03	verified	Wysoki
2	22.58.50.80		SombRAT	2022-03-03	verified	Wysoki
3	30.24.7.206		SombRAT	2022-03-03	verified	Wysoki
4	51.89.50.152	ip152.ip-51-89-50.eu	SombRAT	2022-03-03	verified	Wysoki
5	57.219.0.1		SombRAT	2022-03-03	verified	Wysoki
6	XX.XXX.XX.XX		Xxxxxxx	2022-03-03	verified	Wysoki
7	XX.XX.XX.XX	x-xx-xx-xx-xx.xxxx.xx.xxxxxxx.xxx	Xxxxxxx	2022-03-03	verified	Wysoki
8	XX.XX.XXX.XX	xx.xxx.xx.xx.xxx.xxx.xxx	Xxxxxxx	2022-03-03	verified	Wysoki
9	XX.XXX.XXX.XX	xx-xxx-xxx-xx.xxxxxxx.xxx.xxxxxx.xxx	Xxxxxxx	2022-03-03	verified	Wysoki
10	XX.XXX.XX.XX		Xxxxxxx	2022-03-03	verified	Wysoki
11	XXX.XXX.XXX.XXX	xxxx-xxx-xxx-xxx.xxxxxxxxx.xx	Xxxxxxx	2022-03-03	verified	Wysoki
12	XXX.XX.XXX.XXX		Xxxxxxx	2022-03-03	verified	Wysoki
13	XXX.XXX.XX.XXX	xxx-xxx-xx-xxx.xxx.xxxx.xx.xx	Xxxxxxx	2022-03-03	verified	Wysoki
14	XXX.XX.XX.XXX	xxxxxxx.xxxxxx.xxx	Xxxxxxx	2022-03-03	verified	Wysoki
15	XXX.XX.XXX.XXX		Xxxxxxx	2022-03-03	verified	Wysoki
16	XXX.XXX.XXX.XXX		Xxxxxxx	2022-03-03	verified	Wysoki
17	XXX.XXX.XX.XXX	xxx.xx.xxx.xxx.xxxxx.xxx.xxx.xxxxxx.xxx.xx	Xxxxxxx	2022-03-03	verified	Wysoki
18	XXX.XX.XX.XX		Xxxxxxx	2022-03-03	verified	Wysoki
19	XXX.XX.XXX.XXX		Xxxxxxx	2022-03-03	verified	Wysoki
20	XXX.XX.XX.XX		Xxxxxxx	2022-03-03	verified	Wysoki
21	XXX.XXX.XXX.XX		Xxxxxxx	2022-03-03	verified	Wysoki
22	XXX.XXX.XXX.XX		Xxxxxxx	2022-03-03	verified	Wysoki
23	XXX.XXX.XX.XX		Xxxxxxx	2022-03-03	verified	Wysoki

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Wysoki
2	T1059.007	CWE-79	Cross Site Scripting	predictive	Wysoki
3	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
4	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
5	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Wysoki
6	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki
7	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Wysoki

IOA - Indicator of Attack (3)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	http_auth.c	predictive	Medium
2	File	xx/xx/xxxxx	predictive	Medium
3	Library	xxxxxx.xxx	predictive	Medium

Referencje (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PoprzedniPrzeglądKolejny ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!