AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services

Nov. 8, 2024, 7:22 p.m.

Description

The AndroxGh0st malware has expanded its capabilities by incorporating the Mozi botnet to target IoT devices and cloud services. This Python-based tool, known for attacking Laravel applications, now exploits a wider range of vulnerabilities in internet-facing applications. The malware uses remote code execution and credential-stealing methods to maintain persistent access, leveraging unpatched vulnerabilities to infiltrate critical infrastructure. AndroxGh0st's integration with Mozi suggests a possible operational alliance, allowing it to propagate to more devices. The botnet cycles through common administrative usernames and targets WordPress backends. This collaboration enhances the effectiveness and efficiency of their combined botnet operations and potentially indicates control by the same cybercriminal group.

Date

Published: Nov. 8, 2024, 6:33 p.m.

Created: Nov. 8, 2024, 6:33 p.m.

Modified: Nov. 8, 2024, 7:22 p.m.

Indicators

200.124.241.140

Attack Patterns

Mozi

Androxgh0st

T1110

T1105

T1569

T1498

T1190

T1133

T1078

T1059