Sorillus RAT Identified in Customer Environment
Tags
country: Germany
maec-delivery-vectors: Watering Hole
attack-pattern: Data Model Models Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Multi-Factor Authentication - T1556.006 Phishing - T1660 Phishing - T1566 Software - T1592.002 Tool - T1588.002 Brute Force - T1110 Remote Access Tools - T1219 User Execution - T1204 User Execution
Show in Graph
Common Information
Type Value
UUID b1c1f571-221d-40f7-9067-b3018b24ba82
Fingerprint 85612bd4be1f1fce
Analysis status DONE
Considered CTI value 0
Text language
Published Sept. 13, 2022, midnight
Added to db Jan. 16, 2023, 3:54 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Sorillus RAT Identified in Customer Environment
Title Sorillus RAT Identified in Customer Environment
Detected Hints/Tags/Attributes 88/3/9
Source URLs
Redirection Url
Details Source https://www.esentire.com/blog/sorillus-rat
URL Provider
Details Provider Source level domain
Details esentire.com www.esentire.com
Attributes
Details Type #Events CTI Value
Details CVE 60 
cve-2022-27518
Details Domain 9 
cracked.io
Details Domain 6 
severdops.ddns.net
Details File 1 
img-2022.jar
Details File 165 
reg.exe
Details File 37 
icacls.exe
Details sha256 1 
fc748b0a2dca368f37a69740f0022fd468a4ef3634b286f86c9f65dc496af66a
Details IPv4 1 
208.67.106.143
Details Windows Registry Key 582 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run