
Mozi Resurfaces as Androxgh0st Botnet: Unraveling The Latest Exploitation Wave

Nov. 12, 2024, 9:28 a.m.

Description

The Androxgh0st botnet, active since January 2024, has evolved to incorporate Mozi botnet payloads, expanding its targeting from web servers to IoT devices. It exploits vulnerabilities in various platforms, including Cisco ASA, Atlassian JIRA, and PHP frameworks, using remote code execution and credential theft techniques. The botnet targets unpatched systems and employs tactics such as command injection and brute-force attacks to maintain persistent access. With over 500 infected devices globally, Androxgh0st poses a significant threat to critical infrastructure. The integration of Mozi's capabilities suggests a possible merger of the two botnets, potentially under the same cybercriminal group, enhancing their combined effectiveness and reach.

Date

Published: Nov. 12, 2024, 8:47 a.m.

Created: Nov. 12, 2024, 8:47 a.m.

Modified: Nov. 12, 2024, 9:28 a.m.

Indicators


Attack Patterns

Mozi

Androxgh0st

T1588

T1587

T1608

T1110

T1583

T1590

T1021

T1016

T1082

T1105

T1496

T1595

T1046

T1040

T1498

T1562

T1190

T1133

T1078

T1059

CVE-2022-1040

CVE-2021-41277

CVE-2018-10562

CVE-2014-2120

CVE-2021-26086

CVE-2024-36401

CVE-2024-4577

CVE-2022-21587

CVE-2021-41773

CVE-2018-15133

CVE-2018-10561

CVE-2023-1389

CVE-2017-9841

Additional Information

British Indian Ocean Territory

Albania

India

China