Who You Gonna Call? AndroxGh0st Busters!
July 17, 2024, 7:58 a.m.
Description
This report discusses AndroxGh0st, a Python-scripted malware that targets Laravel web applications to harvest credentials and abuse the services those credentials unlock. It exploits known vulnerabilities, including CVE-2017-9841 (remote code execution through PHPUnit's eval-stdin.php), CVE-2018-15133 (Laravel deserialization remote code execution when the application's APP_KEY is known), and CVE-2021-41773 (path traversal and remote code execution in Apache HTTP Server 2.4.49). The malware scans for exposed .env files, which hold application secrets and API credentials, and uses remote code execution to gain a foothold on the host. Mitigations include keeping systems patched, hardening web server configurations so .env files are never served, rotating and managing credentials, restricting network access, and scanning for the malicious files listed under Indicators.
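The following is an added example, not code from the report or from the AndroxGh0st toolkit. It shows how a defender can triage a web server access log for the probe patterns the description implies (requests for .env files, hits on PHPUnit's eval-stdin.php for CVE-2017-9841, and the encoded-dot traversal used against CVE-2021-41773) and check files on disk against the SHA-256 indicators listed on this page. The sample log lines are constructed; the matching rules are this example's own assumptions about what the described exploitation looks like in a combined-format log. CVE-2018-15133 is deliberately not covered: its payload travels in the X-XSRF-TOKEN header, which a default access log does not record.

```python
import hashlib
import re
from urllib.parse import unquote

# SHA-256 file indicators listed in this report.
ANDROXGH0ST_SHA256 = {
    "f6f240dc2d32bfd83b49025382dc0a1cf86dba587018de4cd96df16197f05d88",
    "3b04f3ae4796d77e5a458fe702612228b773bbdefbb64f20d52c574790b5c81a",
    "ca45a14d0e88e4aa408a6ac2ee3012bf9994b16b74e3c66b588c7eabaaec4d72",
    "bb7070cbede294963328119d1145546c2e26709c5cea1d876d234b991682c0b7",
    "6b5846f32d8009e6b54743d6f817f0c3519be6f370a0917bf455d3d114820bbc",
    "23fc51fde90d98daee27499a7ff94065f7ed4ac09c22867ebd9199e025dee066",
    "0df17ad20bf796ed549c240856ac2bf9ceb19f21a8cae2dbd7d99369ecd317ef",
}

# Apache/Nginx "combined" access-log line; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def normalise_path(target: str) -> str:
    """Drop the query string and URL-decode twice, so %2e and %252e spellings
    of '.' are compared in plain form. Used for matching only."""
    path = target.split("?", 1)[0]
    return unquote(unquote(path)).lower()


def classify(path: str, status: int) -> list[str]:
    """Return the probe patterns a (normalised) request path matches.
    The patterns are this example's assumptions, derived from the CVEs named
    in the report, not signatures published with it."""
    hits = []
    last_segment = path.rsplit("/", 1)[-1]
    if last_segment.startswith(".env"):
        # A 200 means the server actually served the file: secrets are exposed.
        hits.append("env-file exposed (HTTP 200)" if status == 200 else "env-file probe")
    if "/phpunit/" in path and path.endswith("/eval-stdin.php"):
        hits.append("CVE-2017-9841 PHPUnit eval-stdin.php")
    if "/cgi-bin/" in path and "../" in path:
        # CVE-2021-41773: traversal out of a mapped directory on Apache 2.4.49.
        hits.append("CVE-2021-41773 Apache path traversal")
    return hits


def scan_access_log(lines) -> list[dict]:
    """Parse combined-format lines and return one finding per matched rule."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than abort the scan
        status = int(m["status"])
        path = normalise_path(m["target"])
        for rule in classify(path, status):
            findings.append({"ip": m["ip"], "time": m["ts"], "status": status,
                             "path": m["target"], "rule": rule})
    return findings


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def is_known_sample(data: bytes) -> bool:
    """True if the bytes hash to one of the report's SHA-256 indicators."""
    return sha256_hex(data) in ANDROXGH0ST_SHA256


# Constructed sample log (not real traffic): one client walking the three
# probe types in sequence, followed by a benign request from another client.
SAMPLE_LOG = [
    '203.0.113.5 - - [16/Jul/2024:03:12:44 +0000] "GET /.env HTTP/1.1" 200 1423 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [16/Jul/2024:03:12:45 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 200 91 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [16/Jul/2024:03:12:46 +0000] "GET /cgi-bin/.%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [16/Jul/2024:03:13:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"{f['ip']} {f['time']} {f['status']} {f['rule']}: {f['path']}")
```

A 200 on a .env request is the finding to act on first: treat every secret in that file as compromised and rotate it, rather than only blocking the source address. Hash matching is a point-in-time check against the listed samples; a rebuilt or repacked script will not match, so the log rules are the more durable signal.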
Date
Published: July 17, 2024, 7:34 a.m.
Created: July 17, 2024, 7:34 a.m.
Modified: July 17, 2024, 7:58 a.m.
Indicators (SHA-256 file hashes)
f6f240dc2d32bfd83b49025382dc0a1cf86dba587018de4cd96df16197f05d88
3b04f3ae4796d77e5a458fe702612228b773bbdefbb64f20d52c574790b5c81a
ca45a14d0e88e4aa408a6ac2ee3012bf9994b16b74e3c66b588c7eabaaec4d72
bb7070cbede294963328119d1145546c2e26709c5cea1d876d234b991682c0b7
6b5846f32d8009e6b54743d6f817f0c3519be6f370a0917bf455d3d114820bbc
23fc51fde90d98daee27499a7ff94065f7ed4ac09c22867ebd9199e025dee066
0df17ad20bf796ed549c240856ac2bf9ceb19f21a8cae2dbd7d99369ecd317ef
Attack Patterns
AndroxGh0st
T1537 Transfer Data to Cloud Account
T1588 Obtain Capabilities
T1105 Ingress Tool Transfer
T1083 File and Directory Discovery
T1071 Application Layer Protocol
T1593 Search Open Websites/Domains
T1027 Obfuscated Files or Information
T1190 Exploit Public-Facing Application
T1059 Command and Scripting Interpreter
CVE-2021-41773 (Apache HTTP Server 2.4.49 path traversal / remote code execution)
CVE-2018-15133 (Laravel deserialization remote code execution with a known APP_KEY)
CVE-2017-9841 (PHPUnit eval-stdin.php remote code execution)