# SombRAT > Tipo: **malware** · S0615 · [MITRE ATT&CK](https://attack.mitre.org/software/S0615) ## Descrição [[s0615-sombrat|SombRAT]] é um backdoor modular escrito em C++ utilizado desde pelo menos 2019 para baixar e executar payloads maliciosos, incluindo o ransomware [[s0618-fivehands|FIVEHANDS]]. **Plataformas:** Windows ## Técnicas Utilizadas - [[t1573-002-asymmetric-cryptography|T1573.002 - Asymmetric Cryptography]] - [[t1124-system-time-discovery|T1124 - System Time Discovery]] - [[t1057-process-discovery|T1057 - Process Discovery]] - [[t1090-proxy|T1090 - Proxy]] - [[t1140-deobfuscatedecode-files-or-information|T1140 - Deobfuscaté/Decode Files or Information]] - [[t1005-data-from-local-system|T1005 - Data from Local System]] - [[t1106-native-api|T1106 - Native API]] - [[t1027-obfuscated-files-or-information|T1027 - Obfuscated Files or Information]] - [[t1070-004-file-deletion|T1070.004 - File Deletion]] - [[t1105-ingress-tool-transfer|T1105 - Ingress Tool Transfer]] - [[t1095-non-application-layer-protocol|T1095 - Non-Application Layer Protocol]] - [[t1564-010-process-argument-spoofing|T1564.010 - Process Argument Spoofing]] - [[t1033-system-owneruser-discovery|T1033 - System Owner/User Discovery]] - [[t1560-003-archive-via-custom-method|T1560.003 - Archive via Custom Method]] - [[t1573-001-symmetric-cryptography|T1573.001 - Symmetric Cryptography]] ## Referências - [MITRE ATT&CK - S0615](https://attack.mitre.org/software/S0615)