OZH RAT - New .NET malware

Introducing a new remote access tool (RAT) I recently discovered:

IOCs in my OTX feed for this threat have been attached here.

More info:

Florian Roth's THOR APT Scanner picked it up early on:

Windows Forms & System Configuration checks:

OZH RAT is a new malware as far as I can tell. I would be very much interested if another security researcher is able to investigate or share samples of OZH RAT for further malware analysis.

Updated - 2nd June 2020:

The key features of the OZH RAT from the website include: 
- Live Screen Monitoring
- Command-line access (cmd, PowerShell) 
- Lock computer screen 
- Shutdown/Reboot 
- Message Alert box
- Find geo-location
- Clone system 
- Control Panel notification when the infected device is turned on
- FTP communication

