SombRAT
Description
(BlackBerry) The backdoor delivered by the above-mentioned loaders is a C++ compiled executable developed with heavy usage of objects, classes, and interfaces. It has a plugin architecture and basic functionality of a foothold RAT that is mainly used to download and execute other malicious payloads – either as its own plugins or standalone binaries. It can also perform other simple actions, like collecting system information, listing and killing processes, and uploading files to the C2.
Names
Name |
---|
SombRAT |
Category
Malware
Type
- Reconnaissance
- Backdoor
- Info stealer
- Loader
- Tunneling
Information
- https://blogs.blackberry.com/en/2020/11/the-costaricto-campaign-cyber-espionage-outsourced
- https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html
Mitre Attack
Malpedia
Other Information
UUID
0b43cf22-b949-4c04-9154-c3aa27935935
Last Card Change
2022-12-30