SombRAT Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (15)

Idioma

es	8
en	4
fr	2
zh	2

País

cl	8
cn	4
us	2
fr	2

Actores

SombRAT	3
Darktrack RAT	1

Interesse

Tipo

Operating System	4
Automation Software	2
Not Defined	2
Network Management Software	2
WordPress Plugin	2

Fabricante

Not Defined	6
Microsoft	4
WSO2	2
HPE	2

Produto

Microsoft Windows	4
WSO2 API Manager	2
WSO2 Identity Server	2
WSO2 Identity Server Analytics	2
WSO2 Identity Server as Key Manager	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	Oracle PeopleSoft Enterprise PeopleTools Integration Broker direitos alargados	6.5	5.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00799	0.05	CVE-2017-3548
2	Microsoft Windows win32k.sys xxxMenuWindowProc Negação de Serviço	5.5	5.0	$5k-$25k	$0-$5k	Proof-of-Concept	Unavailable	0.00000	0.03
3	WSO2 API Manager File Upload direitos alargados	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.97255	0.02	CVE-2022-29464
4	Wireshark DNP Dissector Negação de Serviço	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00242	0.00	CVE-2021-22235
5	Siemens SICAM PAS/SICAM PQS direitos alargados	8.3	8.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00047	0.01	CVE-2022-43722
6	Microsoft Windows TCP/IP Remote Code Execution	9.8	8.9	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.23993	0.00	CVE-2022-34718
7	Microsoft Windows Common Log File System Driver Privilege Escalation	8.1	7.4	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00125	0.02	CVE-2022-37969
8	Yoast SEO Plugin REST Endpoint posts Divulgação de Informação	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00123	0.04	CVE-2021-25118
9	TrackR Bravo App Cloud API Authentication Password direitos alargados	6.0	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00132	0.00	CVE-2016-6538
10	HP Integrated Lights-Out IPMI Protocol direitos alargados	8.2	8.0	$5k-$25k	$0-$5k	High	Workaround	0.27196	0.09	CVE-2013-4786
11	lighttpd Log File http_auth.c direitos alargados	7.5	7.1	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01123	0.04	CVE-2015-3200
12	HP System Management Homepage Negação de Serviço	5.0	4.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00289	0.02	CVE-2010-1034
13	HPE System Management Homepage direitos alargados	9.8	9.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01960	0.06	CVE-2016-1995
14	HPE System Management Homepage direitos alargados	7.7	7.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00066	0.00	CVE-2016-1996

IOC - Indicator of Compromise (23)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Identified	Tipo	Aceitação
1	19.134.94.227		SombRAT	03/03/2022	verified	Alto
2	22.58.50.80		SombRAT	03/03/2022	verified	Alto
3	30.24.7.206		SombRAT	03/03/2022	verified	Alto
4	51.89.50.152	ip152.ip-51-89-50.eu	SombRAT	03/03/2022	verified	Alto
5	57.219.0.1		SombRAT	03/03/2022	verified	Alto
6	XX.XXX.XX.XX		Xxxxxxx	03/03/2022	verified	Alto
7	XX.XX.XX.XX	x-xx-xx-xx-xx.xxxx.xx.xxxxxxx.xxx	Xxxxxxx	03/03/2022	verified	Alto
8	XX.XX.XXX.XX	xx.xxx.xx.xx.xxx.xxx.xxx	Xxxxxxx	03/03/2022	verified	Alto
9	XX.XXX.XXX.XX	xx-xxx-xxx-xx.xxxxxxx.xxx.xxxxxx.xxx	Xxxxxxx	03/03/2022	verified	Alto
10	XX.XXX.XX.XX		Xxxxxxx	03/03/2022	verified	Alto
11	XXX.XXX.XXX.XXX	xxxx-xxx-xxx-xxx.xxxxxxxxx.xx	Xxxxxxx	03/03/2022	verified	Alto
12	XXX.XX.XXX.XXX		Xxxxxxx	03/03/2022	verified	Alto
13	XXX.XXX.XX.XXX	xxx-xxx-xx-xxx.xxx.xxxx.xx.xx	Xxxxxxx	03/03/2022	verified	Alto
14	XXX.XX.XX.XXX	xxxxxxx.xxxxxx.xxx	Xxxxxxx	03/03/2022	verified	Alto
15	XXX.XX.XXX.XXX		Xxxxxxx	03/03/2022	verified	Alto
16	XXX.XXX.XXX.XXX		Xxxxxxx	03/03/2022	verified	Alto
17	XXX.XXX.XX.XXX	xxx.xx.xxx.xxx.xxxxx.xxx.xxx.xxxxxx.xxx.xx	Xxxxxxx	03/03/2022	verified	Alto
18	XXX.XX.XX.XX		Xxxxxxx	03/03/2022	verified	Alto
19	XXX.XX.XXX.XXX		Xxxxxxx	03/03/2022	verified	Alto
20	XXX.XX.XX.XX		Xxxxxxx	03/03/2022	verified	Alto
21	XXX.XXX.XXX.XX		Xxxxxxx	03/03/2022	verified	Alto
22	XXX.XXX.XXX.XX		Xxxxxxx	03/03/2022	verified	Alto
23	XXX.XXX.XX.XX		Xxxxxxx	03/03/2022	verified	Alto

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classificação	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Alto
2	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	Alto
3	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
4	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-38	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Alto
6	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
7	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (3)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	http_auth.c	predictive	Médio
2	File	xx/xx/xxxxx	predictive	Médio
3	Library	xxxxxx.xxx	predictive	Médio

Referências (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Interested in the pricing of exploits?

See the underground prices here!