Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 15:31:51 UTC
Home > List all groups > List all tools > List all groups using tool SombRAT
 Tool: SombRAT
Names SombRAT
Category Malware
Type Reconnaissance, Backdoor, Info stealer, Loader, Tunneling
Description
(BlackBerry) The backdoor delivered by the above-mentioned loaders is a C++
compiled executable developed with heavy usage of objects, classes, and interfaces. It
has a plugin architecture and basic functionality of a foothold RAT that is mainly used to
download and execute other malicious payloads – either as its own plugins or standalone
binaries. It can also perform other simple actions, like collecting system information,
listing and killing processes, and uploading files to the C2.
Information
MITRE ATT&CK Malpedia Last change to this tool card: 30 December 2022
Download this tool card in JSON format
All groups using tool SombRAT
Changed Name Country Observed
APT groups
 CostaRicto [Unknown] 2017
 UNC2447 [Unknown] 2020
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=0b43cf22-b949-4c04-9154-c3aa27935935
Page 1 of 2

2 groups listed (2 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=0b43cf22-b949-4c04-9154-c3aa27935935
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=0b43cf22-b949-4c04-9154-c3aa27935935
Page 2 of 2