Who You Gonna Call? AndroxGh0st Busters!

July 17, 2024, 7:58 a.m.

Description

This report discusses AndroxGh0st, a Python-scripted malware that targets Laravel web applications to harvest credentials (cloud, e-mail and API keys) from exposed .env files and to abuse the services those credentials unlock. It gains access through known vulnerabilities: CVE-2017-9841 (remote code execution via PHPUnit's eval-stdin.php), CVE-2018-15133 (Laravel remote code execution through deserialization when the APP_KEY is known) and CVE-2021-41773 (Apache HTTP Server 2.4.49 path traversal). The malware scans for web-accessible .env files and, where a target is vulnerable, executes code remotely to establish a foothold. Mitigations include keeping systems and frameworks patched, denying web access to .env and other configuration files, rotating any credentials that may have been exposed, limiting network exposure of the application, and scanning for the malicious files listed under Indicators below.
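As an added example (not code from the report or from any AndroxGh0st tooling), the following Python script turns the description above into detection logic over a few constructed web-server access-log lines: it flags requests for .env files, for the PHPUnit eval-stdin.php path abused by CVE-2017-9841, and for the encoded-dot traversal used against CVE-2021-41773, tallies them per source IP, and separately reports any .env request that returned a 2xx status, since that means the server actually served the file. The IPs, timestamps and paths in the sample log are constructed, and the regexes are this example's own heuristics, not signatures taken from the report.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote

# Apache/nginx "combined" log format; only the fields used below are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Request-path heuristics for the behaviour the report describes. These are
# this example's own patterns, not indicators published in the report.
PROBES = {
    # any request for a .env file (or .env.bak, .env.example, ...)
    "env_file_exposure": re.compile(r"(^|/)\.env(\.|$|\?)", re.I),
    # CVE-2017-9841: PHPUnit's eval-stdin.php executes a POSTed PHP body
    "CVE-2017-9841_phpunit_eval_stdin": re.compile(
        r"/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin\.php", re.I),
    # CVE-2021-41773: Apache 2.4.49 failed to normalise ".%2e/" style segments
    "CVE-2021-41773_apache_traversal": re.compile(r"(\.%2e|%2e\.|%2e%2e)/", re.I),
}


def parse_line(line):
    """Parse one combined-format log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    req = m.groupdict()
    req["status"] = int(req["status"])
    return req


def classify(path):
    """Return the names of every probe the request path matches.

    Both the raw and the percent-decoded path are checked, so "/%2eenv" is
    caught as an .env request while the traversal pattern still sees the raw
    encoded form that the Apache bug depends on.
    """
    return [name for name, rx in PROBES.items()
            if rx.search(path) or rx.search(unquote(path))]


def scan(lines):
    """Per-source-IP counts of each probe type seen in the log."""
    per_ip = defaultdict(Counter)
    for line in lines:
        req = parse_line(line)
        if req is None:
            continue
        for name in classify(req["path"]):
            per_ip[req["ip"]][name] += 1
    return per_ip


def exposed_env_hits(lines):
    """(ip, path) pairs where an .env request got a 2xx: the file was served,
    so every credential in it must be treated as compromised and rotated."""
    hits = []
    for line in lines:
        req = parse_line(line)
        if req and "env_file_exposure" in classify(req["path"]) and 200 <= req["status"] < 300:
            hits.append((req["ip"], req["path"]))
    return hits


# Constructed sample log: one scanner that hits all three probes (and gets the
# .env file), and one host that makes a normal request plus a failed .env probe.
SAMPLE_LOG = """\
203.0.113.10 - - [16/Jul/2024:10:01:02 +0000] "GET /.env HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.10 - - [16/Jul/2024:10:01:03 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.10 - - [16/Jul/2024:10:01:04 +0000] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 403 199 "-" "Mozilla/5.0"
198.51.100.7 - - [16/Jul/2024:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [16/Jul/2024:10:02:01 +0000] "GET /api/.env.bak HTTP/1.1" 404 196 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for ip, counts in scan(lines).items():
        print(ip, dict(counts))
    for ip, path in exposed_env_hits(lines):
        print(f"CRITICAL: {ip} retrieved {path} (HTTP 2xx) - rotate every credential in that file")
```

A 404 or 403 on these paths only tells you the host is being scanned; the line worth paging on is the 2xx to an .env path, and the right response is to treat the file's contents as leaked rather than just blocking the source IP.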

Date

Published: July 17, 2024, 7:34 a.m.
Created:   July 17, 2024, 7:34 a.m.
Modified:  July 17, 2024, 7:58 a.m.

Indicators (SHA-256 file hashes)

f6f240dc2d32bfd83b49025382dc0a1cf86dba587018de4cd96df16197f05d88

3b04f3ae4796d77e5a458fe702612228b773bbdefbb64f20d52c574790b5c81a

ca45a14d0e88e4aa408a6ac2ee3012bf9994b16b74e3c66b588c7eabaaec4d72

bb7070cbede294963328119d1145546c2e26709c5cea1d876d234b991682c0b7

6b5846f32d8009e6b54743d6f817f0c3519be6f370a0917bf455d3d114820bbc

23fc51fde90d98daee27499a7ff94065f7ed4ac09c22867ebd9199e025dee066

0df17ad20bf796ed549c240856ac2bf9ceb19f21a8cae2dbd7d99369ecd317ef

Attack Patterns

AndroxGh0st

T1537 - Transfer Data to Cloud Account

T1588 - Obtain Capabilities

T1105 - Ingress Tool Transfer

T1083 - File and Directory Discovery

T1071 - Application Layer Protocol

T1593 - Search Open Websites/Domains

T1027 - Obfuscated Files or Information

T1190 - Exploit Public-Facing Application

T1059 - Command and Scripting Interpreter

CVE-2021-41773 - Apache HTTP Server 2.4.49 path traversal (remote code execution where mod_cgi is enabled)

CVE-2018-15133 - Laravel Framework remote code execution via deserialization of the X-XSRF-TOKEN header when the APP_KEY is known

CVE-2017-9841 - PHPUnit remote code execution via the web-accessible Util/PHP/eval-stdin.php