Ozone RAT Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (45)

Idioma

en	46

País

us	40

Actores

Meterpreter	6
Ozone RAT	4
Nanocore RAT	1
NetWire RC	1

Interesse

Tipo

Not Defined	20
Operating System	10
Smartphone Operating System	6
Packet Analyzer Software	2
Network Attached Storage Software	2

Fabricante

Not Defined	8
Linux	8
Apple	6
Zoho ManageEngine	2
Green Hills	2

Produto

Linux Kernel	8
Apple iOS	6
Apple iPadOS	6
Check_MK	2
Zoho ManageEngine ADSelfService	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	Oracle Middleware Common Libraries and Tools Third Party Negação de Serviço	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00064	0.00	CVE-2022-45688
2	sjqzhang go-fastdfs File Upload uploa upload Remote Code Execution	8.1	7.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00176	0.11	CVE-2023-1800
3	M-Files Server Negação de Serviço	6.5	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00073	0.00	CVE-2023-0382
4	Siemens Tecnomatix Plant Simulation SPP File Excesso de tampão	7.0	6.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00099	0.02	CVE-2023-24995
5	SourceCodester Clinics Patient Management System update_user.php Injecção SQL	7.1	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00113	0.06	CVE-2023-1035
6	Vastal phpVID browse_videos.php Roteiro Cruzado de Sítios	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01566	0.03	CVE-2013-5312
7	Check_MK Failed-Log Save Condição de Corrida	4.8	4.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01510	0.00	CVE-2017-14955
8	Chris92de AdminServ adminserv.php Roteiro Cruzado de Sítios	4.4	4.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00073	0.06	CVE-2020-36637
9	Chris92de AdminServ adminserv.php Roteiro Cruzado de Sítios	4.4	4.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00073	0.07	CVE-2020-36638
10	tcpdump CFM Parser print-cfm.c cfm_print Excesso de tampão	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00853	0.00	CVE-2017-13052
11	Synology DiskStation Manager Webapi Directório Traversal	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00062	0.00	CVE-2022-27610
12	jserv Roteiro Cruzado de Sítios	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00000	0.00
13	Cisco AsyncOS ZIP Archive Spam direitos alargados	7.5	7.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00144	0.00	CVE-2016-1438
14	Microsoft Windows LPC Request Negação de Serviço	7.8	7.0	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00000	0.02
15	Microsoft Windows Guest Account direitos alargados	7.3	7.1	$25k-$100k	$5k-$25k	Not Defined	Workaround	0.00000	0.04
16	Apple iOS/iPadOS Audio Divulgação de Informação	3.3	3.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00080	0.00	CVE-2022-32825
17	InterWorx SiteWorx httpd.php Roteiro Cruzado de Sítios	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00418	0.00	CVE-2007-4588
18	InterWorx SiteWorx ftp.php Roteiro Cruzado de Sítios	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00418	0.00	CVE-2007-4588
19	phpHtmlLib NavTable.php direitos alargados	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.14048	0.00	CVE-2006-4287
20	Apple iOS/iPadOS WebRTC Excesso de tampão	7.5	7.4	$100k e mais	$5k-$25k	Not Defined	Official Fix	0.01152	0.00	CVE-2022-2294

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Identified	Tipo	Aceitação
1	3.13.191.225	ec2-3-13-191-225.us-east-2.compute.amazonaws.com	Ozone RAT	04/05/2021	verified	Médio
2	3.14.182.203	ec2-3-14-182-203.us-east-2.compute.amazonaws.com	Ozone RAT	04/05/2021	verified	Médio
3	3.22.53.161	ec2-3-22-53-161.us-east-2.compute.amazonaws.com	Ozone RAT	07/04/2021	verified	Médio
4	X.XXX.XXX.XXX	xxx-x-xxx-xxx-xxx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxx Xxx	17/07/2021	verified	Médio
5	X.XXX.XXX.XXX	xxx-x-xxx-xxx-xxx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxx Xxx	04/05/2021	verified	Médio
6	X.XXX.XXX.X	xxx-x-xxx-xxx-x.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxx Xxx	17/07/2021	verified	Médio
7	X.XXX.XXX.XX	xxx-x-xxx-xxx-xx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxx Xxx	19/06/2021	verified	Médio
8	XX.XX.XX.XXX	xxx-xx-xx-xx-xxx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxx Xxx	07/04/2021	verified	Médio
9	XX.XXX.XXX.XX	xxx-xx-xxx-xxx-xx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxx Xxx	19/06/2021	verified	Médio
10	XX.XX.XX.XXX	xxx-xx-xx-xx-xxx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxx Xxx	07/04/2021	verified	Médio
11	XXX.XX.XXX.XXX	xxx.xxxxxxxxxx.xxxxx	Xxxxx Xxx	28/03/2021	verified	Alto
12	XXX.XXX.XXX.XX		Xxxxx Xxx	22/03/2021	verified	Alto

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classificação	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CAPEC-126	CWE-22, CWE-23, CWE-24	Path Traversal	predictive	Alto
2	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
3	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
4	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/group1/uploa	predictive	Alto
2	File	/vicidial/AST_agent_time_sheet.php	predictive	Alto
3	File	arch/powerpc/mm/mmu_context_book3s64.c	predictive	Alto
4	File	xxxx/xxxxx/xxxxxx/xxxxx.x	predictive	Alto
5	File	xxxxxx_xxxxxx.xxx	predictive	Alto
6	File	xxxxxxx/xxx/xxx/xxxx/xxxx_xxx_xxxxxxx.x	predictive	Alto
7	File	xxx.xxx	predictive	Baixo
8	File	xxxxx.xxx	predictive	Médio
9	File	xxxxxx/xxxxxx.x	predictive	Alto
10	File	xxxxxxxx.xxx	predictive	Médio
11	File	xxxxx-xxx.x	predictive	Médio
12	File	xxxxxxxxx/xxxx/xxxxxxxxx.xxx	predictive	Alto
13	File	xxxxxx_xxxx.xxx	predictive	Alto
14	Library	xxxx/xxx/xxx/xxxx-xxxx.x	predictive	Alto
15	Library	xxx/xxx.x	predictive	Médio
16	Argument	xxxxx	predictive	Baixo
17	Argument	xxx	predictive	Baixo
18	Argument	xxxxx	predictive	Baixo
19	Argument	xxxx_xxxx	predictive	Médio
20	Argument	xxxxxxxxxx	predictive	Médio
21	Argument	xxxx	predictive	Baixo
22	Argument	xxxx_xx	predictive	Baixo

Referências (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!