Ozone RAT Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (45)

Język

en	46

Kraj

us	42

Aktorzy

Meterpreter	6
Ozone RAT	3
Nanocore RAT	1
NetWire RC	1

Wysiłek

Rodzaj

Not Defined	22
Operating System	16
Web Browser	2
Packet Analyzer Software	2
Medical Device Software	2

Sprzedawca

Linux	12
Not Defined	6
Microsoft	4
Mozilla	2
Chris92de	2

Produkt

Linux Kernel	12
Microsoft Windows	4
Mozilla Firefox	2
Mozilla Firefox ESR	2
Mozilla Thunderbird	2

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	Oracle Middleware Common Libraries and Tools Third Party denial of service	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00064	0.00	CVE-2022-45688
2	sjqzhang go-fastdfs File Upload uploa upload Remote Code Execution	8.1	7.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00176	0.07	CVE-2023-1800
3	M-Files Server denial of service	6.5	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00073	0.00	CVE-2023-0382
4	Siemens Tecnomatix Plant Simulation SPP File memory corruption	7.0	6.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00099	0.02	CVE-2023-24995
5	SourceCodester Clinics Patient Management System update_user.php sql injection	7.1	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00113	0.00	CVE-2023-1035
6	Vastal phpVID browse_videos.php cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01566	0.03	CVE-2013-5312
7	Check_MK Failed-Log Save race condition	4.8	4.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01510	0.00	CVE-2017-14955
8	Chris92de AdminServ adminserv.php cross site scripting	4.4	4.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00073	0.04	CVE-2020-36637
9	Chris92de AdminServ adminserv.php cross site scripting	4.4	4.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00073	0.07	CVE-2020-36638
10	tcpdump CFM Parser print-cfm.c cfm_print memory corruption	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00853	0.00	CVE-2017-13052
11	Synology DiskStation Manager Webapi directory traversal	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00062	0.00	CVE-2022-27610
12	jserv cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00000	0.00
13	Cisco AsyncOS ZIP Archive Spam privilege escalation	7.5	7.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00144	0.00	CVE-2016-1438
14	Microsoft Windows LPC Request denial of service	7.8	7.0	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00000	0.02
15	Microsoft Windows Guest Account privilege escalation	7.3	7.1	$25k-$100k	$5k-$25k	Not Defined	Workaround	0.00000	0.04
16	Apple iOS/iPadOS Audio information disclosure	3.3	3.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00080	0.00	CVE-2022-32825
17	InterWorx SiteWorx httpd.php cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00418	0.00	CVE-2007-4588
18	InterWorx SiteWorx ftp.php cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00418	0.00	CVE-2007-4588
19	phpHtmlLib NavTable.php privilege escalation	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.14048	0.00	CVE-2006-4287
20	Apple iOS/iPadOS WebRTC memory corruption	7.5	7.4	$100k i więcej	$5k-$25k	Not Defined	Official Fix	0.01152	0.00	CVE-2022-2294

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Hostname	Aktor	Identified	Rodzaj	Pewność siebie
1	3.13.191.225	ec2-3-13-191-225.us-east-2.compute.amazonaws.com	Ozone RAT	2021-05-04	verified	Medium
2	3.14.182.203	ec2-3-14-182-203.us-east-2.compute.amazonaws.com	Ozone RAT	2021-05-04	verified	Medium
3	3.22.53.161	ec2-3-22-53-161.us-east-2.compute.amazonaws.com	Ozone RAT	2021-04-07	verified	Medium
4	X.XXX.XXX.XXX	xxx-x-xxx-xxx-xxx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxx Xxx	2021-07-17	verified	Medium
5	X.XXX.XXX.XXX	xxx-x-xxx-xxx-xxx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxx Xxx	2021-05-04	verified	Medium
6	X.XXX.XXX.X	xxx-x-xxx-xxx-x.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxx Xxx	2021-07-17	verified	Medium
7	X.XXX.XXX.XX	xxx-x-xxx-xxx-xx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxx Xxx	2021-06-19	verified	Medium
8	XX.XX.XX.XXX	xxx-xx-xx-xx-xxx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxx Xxx	2021-04-07	verified	Medium
9	XX.XXX.XXX.XX	xxx-xx-xxx-xxx-xx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxx Xxx	2021-06-19	verified	Medium
10	XX.XX.XX.XXX	xxx-xx-xx-xx-xxx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxx Xxx	2021-04-07	verified	Medium
11	XXX.XX.XXX.XXX	xxx.xxxxxxxxxx.xxxxx	Xxxxx Xxx	2021-03-28	verified	Wysoki
12	XXX.XXX.XXX.XX		Xxxxx Xxx	2021-03-22	verified	Wysoki

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klasa	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1006	CAPEC-126	CWE-22, CWE-23, CWE-24	Path Traversal	predictive	Wysoki
2	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Wysoki
3	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
4	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Wysoki
5	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	/group1/uploa	predictive	Wysoki
2	File	/vicidial/AST_agent_time_sheet.php	predictive	Wysoki
3	File	arch/powerpc/mm/mmu_context_book3s64.c	predictive	Wysoki
4	File	xxxx/xxxxx/xxxxxx/xxxxx.x	predictive	Wysoki
5	File	xxxxxx_xxxxxx.xxx	predictive	Wysoki
6	File	xxxxxxx/xxx/xxx/xxxx/xxxx_xxx_xxxxxxx.x	predictive	Wysoki
7	File	xxx.xxx	predictive	Niski
8	File	xxxxx.xxx	predictive	Medium
9	File	xxxxxx/xxxxxx.x	predictive	Wysoki
10	File	xxxxxxxx.xxx	predictive	Medium
11	File	xxxxx-xxx.x	predictive	Medium
12	File	xxxxxxxxx/xxxx/xxxxxxxxx.xxx	predictive	Wysoki
13	File	xxxxxx_xxxx.xxx	predictive	Wysoki
14	Library	xxxx/xxx/xxx/xxxx-xxxx.x	predictive	Wysoki
15	Library	xxx/xxx.x	predictive	Medium
16	Argument	xxxxx	predictive	Niski
17	Argument	xxx	predictive	Niski
18	Argument	xxxxx	predictive	Niski
19	Argument	xxxx_xxxx	predictive	Medium
20	Argument	xxxxxxxxxx	predictive	Medium
21	Argument	xxxx	predictive	Niski
22	Argument	xxxx_xx	predictive	Niski

Referencje (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PoprzedniPrzeglądKolejny ▸

Might our Artificial Intelligence support you?

Check our Alexa App!