CVE-2022-31199

Vulnerability Profile Updated 3 months ago

Download STIX

Preview STIX

CVE-2022-31199 is a critical remote code execution (RCE) vulnerability discovered in Netwrix Auditor, a widely-used software for on-premises and cloud-based IT system auditing. This flaw in the software's design or implementation allows cyber threat actors to exploit it and gain unauthorized access to the system. The shift in tactics from phishing to exploiting this vulnerability has been observed prominently among cybercriminals. The exploitation of CVE-2022-31199 has been linked to the delivery of newly discovered variants of Truebot malware. Sophisticated attacks have been carried out by leveraging this vulnerability, allowing attackers not only to infiltrate systems but also to move laterally within networks. The Netwrix Auditor server and its associated agents are particularly susceptible due to this vulnerability. Newer versions of Truebot malware have further complicated the cybersecurity landscape by enabling malicious actors to gain initial access through the known vulnerability with the Netwrix Auditor application. These developments underscore the need for immediate patching and updating of the Netwrix Auditor software to mitigate the risk posed by CVE-2022-31199.

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Malware

RCE (Remote ...

Exploit

Lateral Move...

Vulnerability

Phishing

T1190

CISA

Associated Malware

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
Truebot	Unspecified	5	Truebot is a highly potent malware used by the threat actor group CL0P, which has been linked to various malicious activities aimed at exploiting and damaging computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once embedded,
truebot malware	Unspecified	5	Truebot malware is a malicious software that infiltrates computer systems, often without the user's knowledge, to exploit and damage the device. It was primarily delivered by cyber threat actors via malicious phishing email attachments, but newer versions observed in 2023 also gained initial access
Bumblebee	Unspecified	2	Bumblebee is a type of malware that has been linked to ITG23, a cybercriminal group known for its use of crypters such as Emotet, IcedID, Qakbot, Bumblebee, and Gozi. Distributed via phishing campaigns or compromised websites, Bumblebee enables the delivery and execution of further payloads. The sam
Raspberry Robin	Unspecified	2	Raspberry Robin is a sophisticated malware that has been designed to exploit and damage computer systems. This malicious software infiltrates the system through suspicious downloads, emails, or websites, often unbeknownst to the user. Once embedded, Raspberry Robin can steal personal information, di
IcedID	Unspecified	1	IcedID is a malicious software (malware) designed to exploit and damage computer systems. It infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom

Associated Threat Actors

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
No associations to display

Associated Vulnerabilities

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
No associations to display

Source Document References

Information about the CVE-2022-31199 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source	CreatedAt	Title
CERT-EU	a year ago	TrueBot: Cyber Security Agencies Issue A Warning
CERT-EU	a year ago	CISA Adds Five Known Vulnerabilities to Catalog \| CISA
Malwarebytes	a year ago	Warning issued over increased activity of TrueBot malware
CERT-EU	a year ago	Netwrix Auditor RCE Bug Abused in Truebot Malware Campaign \| IT Security News
BankInfoSecurity	a year ago	Updated Truebot Malware Targeting Orgs in US, Canada
DARKReading	a year ago	Truebot Malware Variants Abound, According to CISA Advisory
CERT-EU	a year ago	Canadian cybersecurity agency and FBI issue advisory over rising 'Truebot' cyber attacks
CERT-EU	a year ago	SafeBreach Coverage for US-CERT Alert (AA23-187A) – Truebot Malware
CERT-EU	a year ago	CISA, FBI: A New Version of the Truebot Malware Is Actively Used in Attacks
CERT-EU	a year ago	Cyber Security Week in Review: July 7, 2023
CERT-EU	a year ago	Hackers Exploit Netwrix Auditor RCE Flaw in Truebot Malware Attack
CERT-EU	a year ago	Truebot RCE attacks exploit critical Netwrix Auditor bug
Securityaffairs	a year ago	CISA and FBI warn of Truebot infecting US and Canada based orgs
CERT-EU	a year ago	US and Canadian Authorities Warn of Increased Truebot Activity
CERT-EU	a year ago	Cybersecurity Agencies Sound Alarm on Rising TrueBot Malware Attacks
CISA	a year ago	CISA and Partners Release Joint Cybersecurity Advisory on Newly Identified Truebot Malware Variants \| CISA
CERT-EU	a year ago	Truebot Hackers Exploiting Netwrix Auditor Flaw: CISA, FBI Alert
CISA	a year ago	Increased Truebot Activity Infects U.S. and Canada Based Networks \| CISA
Canadian Centre for Cyber Security	a year ago	Increased Truebot activity infects U.S. and Canada based networks - Joint Cybersecurity Advisory - Canadian Centre for Cyber Security