Mozi Resurfaces as Androxgh0st Botnet: Unraveling The Latest Exploitation Wave

Nov. 12, 2024, 9:28 a.m.

Description

The Androxgh0st botnet, active since January 2024, has evolved to incorporate Mozi botnet payloads, expanding its attack surface from web servers to IoT devices. It exploits vulnerabilities in various platforms, including Cisco ASA, Atlassian JIRA, and PHP frameworks, utilizing remote code execution and credential theft techniques. The botnet targets unpatched systems, employing tactics like command injection and brute-force attacks to maintain persistent access. With over 500 infected devices globally, Androxgh0st poses a significant threat to critical infrastructure. The integration of Mozi's capabilities suggests a possible merger of the two botnets, potentially under the same cybercriminal group, enhancing their combined effectiveness and reach.

Indicators

  • b8380e2cd7a2164e8efa0bac32eda97f8b81084e6ba90d44a59d357b9461b6af
  • 6adf22b7deaf177b7ef5bee65e50e2c689afb8bcb97fb5f0d920476ad4d07d9b
  • 58015d2873a59d32f68640675d7f68ac681c904c8ca5b79d0a6a360ad9e83826
  • 22b1fdcd8a40dacc2fc4907a3cd9e25fcbd8a8466ccfd9de0242a6bde5b8e181
  • 0b4536fb2b282d634be632691690bb99eede7cd0306b9409c982d1880d418aee
  • 45.202.35.24
  • 154.216.17.31
  • 117.215.206.216
  • 200.124.241.140
  • api.next.eventsrealm.com

Additional information

  • British Indian Ocean Territory
  • Albania
  • India
  • China

Linked vulnerabilities