SombRAT Analysis

IOB - Indicator of Behavior (15)

Timeline

The charts in this section (timeline, language, country, actors, activity type, vendor and product) show dummy data that is distorted and not usable in any way; an additional purchase is needed to unlock these views and get access to the real data.

Lang

es: 12
fr: 2
en: 2

Country

cl: 12
fr: 2
cn: 2


Activities

Product

Microsoft Windows: 4
HP System Management Homepage: 2
Yoast SEO Plugin: 2
lighttpd: 2
Wireshark: 2

Vulnerabilities

Column key: Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit price ranges at disclosure and at present; Exp and Rem are the CVSS temporal Exploit Code Maturity and Remediation Level values; EPSS is the EPSS exploitation probability; CTI is the CTI interest score.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Oracle PeopleSoft Enterprise PeopleTools Integration Broker access control | 6.5 | 5.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00799 | 0.05 | CVE-2017-3548 |
| 2 | Microsoft Windows win32k.sys xxxMenuWindowProc denial of service | 5.5 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Unavailable | 0.00000 | 0.03 | |
| 3 | WSO2 API Manager File Upload unrestricted upload | 9.8 | 9.8 | $0-$5k | $0-$5k | High | Not Defined | 0.97311 | 0.04 | CVE-2022-29464 |
| 4 | Wireshark DNP Dissector denial of service | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00242 | 0.00 | CVE-2021-22235 |
| 5 | Siemens SICAM PAS/SICAM PQS uncontrolled search path | 8.3 | 8.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00047 | 0.01 | CVE-2022-43722 |
| 6 | Microsoft Windows TCP/IP Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.23993 | 0.00 | CVE-2022-34718 |
| 7 | Microsoft Windows Common Log File System Driver Privilege Escalation | 8.1 | 7.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00125 | 0.00 | CVE-2022-37969 |
| 8 | Yoast SEO Plugin REST Endpoint posts information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00123 | 0.04 | CVE-2021-25118 |
| 9 | TrackR Bravo App Cloud API Authentication Password credentials management | 6.0 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 0.00 | CVE-2016-6538 |
| 10 | HP Integrated Lights-Out IPMI Protocol credentials management | 8.2 | 8.0 | $5k-$25k | $0-$5k | High | Workaround | 0.27196 | 0.00 | CVE-2013-4786 |
| 11 | lighttpd Log File http_auth.c injection | 7.5 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01123 | 0.00 | CVE-2015-3200 |
| 12 | HP System Management Homepage denial of service | 5.0 | 4.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00289 | 0.00 | CVE-2010-1034 |
| 13 | HPE System Management Homepage privileges management | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01960 | 0.06 | CVE-2016-1995 |
| 14 | HPE System Management Homepage privileges management | 7.7 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00066 | 0.00 | CVE-2016-1996 |

IOC - Indicator of Compromise (23)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 2 | T1059.007 | CAPEC-209 | CWE-79 | Cross Site Scripting | predictive | High |
| 3 | TXXXX | CAPEC-122 | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 4 | TXXXX | CAPEC- | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 5 | TXXXX | CAPEC-38 | CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | High |
| 6 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 7 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High |

IOA - Indicator of Attack (3)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | http_auth.c | predictive | Medium |
| 2 | File | xx/xx/xxxxx | predictive | Medium |
| 3 | Library | xxxxxx.xxx | predictive | Medium |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
