Ozone RAT Analysis

IOB - Indicator of Behavior (45)

Language: en (46)

Country: us (40)

Products: Linux Kernel (6), Apple iOS (4), Apple iPadOS (4), Mezzanine CMS (2), phpHtmlLib (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | Oracle Middleware Common Libraries and Tools Third Party denial of service | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00071 | 0.03 | CVE-2022-45688
2 | sjqzhang go-fastdfs File Upload uploa upload Remote Code Execution | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00197 | 0.00 | CVE-2023-1800
3 | M-Files Server denial of service | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.00 | CVE-2023-0382
4 | Siemens Tecnomatix Plant Simulation SPP File memory corruption | 7.0 | 6.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00099 | 0.03 | CVE-2023-24995
5 | SourceCodester Clinics Patient Management System update_user.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00113 | 0.00 | CVE-2023-1035
6 | Vastal phpVID browse_videos.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01762 | 0.04 | CVE-2013-5312
7 | Check_MK Failed-Log Save race condition | 4.8 | 4.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01510 | 0.00 | CVE-2017-14955
8 | Chris92de AdminServ adminserv.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.00 | CVE-2020-36637
9 | Chris92de AdminServ adminserv.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.00 | CVE-2020-36638
10 | tcpdump CFM Parser print-cfm.c cfm_print memory corruption | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00853 | 0.00 | CVE-2017-13052
11 | Synology DiskStation Manager Webapi directory traversal | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.04 | CVE-2022-27610
12 | jserv cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.00 |
13 | Cisco AsyncOS ZIP Archive Spam privilege escalation | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00144 | 0.00 | CVE-2016-1438
14 | Microsoft Windows LPC Request denial of service | 7.8 | 7.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 0.00 |
15 | Microsoft Windows Guest Account privilege escalation | 7.3 | 7.1 | $25k-$100k | $0-$5k | Not Defined | Workaround | 0.00000 | 0.00 |
16 | Apple iOS/iPadOS Audio information disclosure | 3.3 | 3.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00080 | 0.03 | CVE-2022-32825
17 | InterWorx SiteWorx httpd.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00668 | 0.00 | CVE-2007-4588
18 | InterWorx SiteWorx ftp.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00668 | 0.00 | CVE-2007-4588
19 | phpHtmlLib NavTable.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.17507 | 0.00 | CVE-2006-4287
20 | Apple iOS/iPadOS WebRTC memory corruption | 7.5 | 7.4 | $25k-$100k | $25k-$100k | High | Official Fix | 0.01152 | 0.06 | CVE-2022-2294

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type
1 | File | /group1/uploa | predictive
2 | File | /vicidial/AST_agent_time_sheet.php | predictive
3 | File | arch/powerpc/mm/mmu_context_book3s64.c | predictive
4 | File | xxxx/xxxxx/xxxxxx/xxxxx.x | predictive
5 | File | xxxxxx_xxxxxx.xxx | predictive
6 | File | xxxxxxx/xxx/xxx/xxxx/xxxx_xxx_xxxxxxx.x | predictive
7 | File | xxx.xxx | predictive
8 | File | xxxxx.xxx | predictive
9 | File | xxxxxx/xxxxxx.x | predictive
10 | File | xxxxxxxx.xxx | predictive
11 | File | xxxxx-xxx.x | predictive
12 | File | xxxxxxxxx/xxxx/xxxxxxxxx.xxx | predictive
13 | File | xxxxxx_xxxx.xxx | predictive
14 | Library | xxxx/xxx/xxx/xxxx-xxxx.x | predictive
15 | Library | xxx/xxx.x | predictive
16 | Argument | xxxxx | predictive
17 | Argument | xxx | predictive
18 | Argument | xxxxx | predictive
19 | Argument | xxxx_xxxx | predictive
20 | Argument | xxxxxxxxxx | predictive
21 | Argument | xxxx | predictive
22 | Argument | xxxx_xx | predictive

References (2)

The following list contains external sources which discuss the actor and the associated activities:
