CVE-2022-31199

Vulnerability Profile Updated a month ago
Download STIX
Preview STIX
CVE-2022-31199 is a critical remote code execution (RCE) vulnerability discovered in Netwrix Auditor, a widely-used software for on-premises and cloud-based IT system auditing. This flaw in the software's design or implementation allows cyber threat actors to exploit it and gain unauthorized access to the system. The shift in tactics from phishing to exploiting this vulnerability has been observed prominently among cybercriminals. The exploitation of CVE-2022-31199 has been linked to the delivery of newly discovered variants of Truebot malware. Sophisticated attacks have been carried out by leveraging this vulnerability, allowing attackers not only to infiltrate systems but also to move laterally within networks. The Netwrix Auditor server and its associated agents are particularly susceptible due to this vulnerability. Newer versions of Truebot malware have further complicated the cybersecurity landscape by enabling malicious actors to gain initial access through the known vulnerability with the Netwrix Auditor application. These developments underscore the need for immediate patching and updating of the Netwrix Auditor software to mitigate the risk posed by CVE-2022-31199.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Vulnerability
Exploit
Lateral Move...
RCE (Remote ...
Phishing
CISA
T1190
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
truebot malwareUnspecified
5
Truebot malware is a malicious software that infiltrates computer systems, often without the user's knowledge, to exploit and damage the device. It was primarily delivered by cyber threat actors via malicious phishing email attachments, but newer versions observed in 2023 also gained initial access
TruebotUnspecified
5
Truebot is a highly potent malware used by the threat actor group CL0P, which has been linked to various malicious activities aimed at exploiting and damaging computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once embedded,
Raspberry RobinUnspecified
2
Raspberry Robin is a sophisticated malware, first disclosed by Red Canary in 2022, and is often associated with pre-ransomware activities. It functions as a downloader, retrieving the Raspberry Robin DLL from the web and storing it locally while avoiding detection by adding exceptions to antivirus s
BumblebeeUnspecified
2
Bumblebee is a type of malware that has been linked to ITG23, a cybercriminal group known for its use of crypters such as Emotet, IcedID, Qakbot, Bumblebee, and Gozi. Distributed via phishing campaigns or compromised websites, Bumblebee enables the delivery and execution of further payloads. The sam
IcedIDUnspecified
1
IcedID, also known as BokBot, is a type of malware that was initially identified in 2017 as a banking trojan. Over time, it has evolved and is now used for various cybercrimes, including financial data theft. It is often associated with other malware types such as Qakbot, BazarLoader, CobaltStrike,
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the CVE-2022-31199 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
a year ago
US and Canadian Authorities Warn of Increased Truebot Activity
CERT-EU
a year ago
CISA, FBI: A New Version of the Truebot Malware Is Actively Used in Attacks
CERT-EU
a year ago
CISA Adds Five Known Vulnerabilities to Catalog | CISA
DARKReading
a year ago
Truebot Malware Variants Abound, According to CISA Advisory
CERT-EU
a year ago
Netwrix Auditor RCE Bug Abused in Truebot Malware Campaign | IT Security News
Canadian Centre for Cyber Security
a year ago
Increased Truebot activity infects U.S. and Canada based networks - Joint Cybersecurity Advisory - Canadian Centre for Cyber Security
CERT-EU
a year ago
Truebot Hackers Exploiting Netwrix Auditor Flaw: CISA, FBI Alert
BankInfoSecurity
a year ago
Updated Truebot Malware Targeting Orgs in US, Canada
CERT-EU
a year ago
TrueBot: Cyber Security Agencies Issue A Warning
CISA
a year ago
CISA and Partners Release Joint Cybersecurity Advisory on Newly Identified Truebot Malware Variants | CISA
CERT-EU
a year ago
SafeBreach Coverage for US-CERT Alert (AA23-187A) – Truebot Malware
CERT-EU
a year ago
Cyber Security Week in Review: July 7, 2023
CERT-EU
a year ago
Hackers Exploit Netwrix Auditor RCE Flaw in Truebot Malware Attack
CERT-EU
a year ago
Truebot RCE attacks exploit critical Netwrix Auditor bug
Malwarebytes
a year ago
Warning issued over increased activity of TrueBot malware
Securityaffairs
a year ago
CISA and FBI warn of Truebot infecting US and Canada based orgs
CERT-EU
a year ago
Canadian cybersecurity agency and FBI issue advisory over rising 'Truebot' cyber attacks
CERT-EU
a year ago
Cybersecurity Agencies Sound Alarm on Rising TrueBot Malware Attacks
CISA
a year ago
Increased Truebot Activity Infects U.S. and Canada Based Networks | CISA