SecuriTricks - remote code execution

Mozi Resurfaces as Androxgh0st Botnet: Unraveling The Latest Exploitation Wave

The Androxgh0st botnet, active since January 2024, has evolved to incorporate Mozi botnet payloads, expanding its attack surface from web servers to IoT devices. It exploits vulnerabilities in various platforms, including Cisco ASA, Atlassian JIRA, and PHP frameworks, utilizing remote code executio…

iot

botnet

credential theft

CVE-2024-4577

vulnerability exploitation

CVE-2018-10562

CVE-2018-10561

androxgh0st

remote code execution

Published: November 12, 2024

Downloadable IOCs 10

AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services

The AndroxGh0st malware has expanded its capabilities by incorporating the Mozi botnet to target IoT devices and cloud services. This Python-based tool, known for attacking Laravel applications, now exploits a wider range of vulnerabilities in internet-facing applications. The malware uses remote c…

remote code execution

Published: November 8, 2024

Downloadable IOCs 1

Attacker Abuses Victim Resources to Reap Rewards from Titan Network

An attacker exploited the Atlassian Confluence vulnerability CVE-2023-22527 to achieve remote code execution for cryptomining via the Titan Network. The malicious actor gathered system details using public IP lookup services and various commands. Multiple shell scripts were downloaded and executed …

cryptomining

aws

ssh

remote code execution

Published: November 4, 2024

Downloadable IOCs 1

FortiManager fgfmd vulnerability indicators

A critical vulnerability in FortiManager's fgfmd daemon allows remote unauthenticated attackers to execute arbitrary code or commands via specially crafted requests. This vulnerability, classified as CWE-306 (Missing Authentication for Critical Function), has been exploited in the wild. The attack …

vulnerability

exfiltration

authentication

remote code execution

2024-10-23

CVE-2024-47575

fortimanager

Published: October 23, 2024

Downloadable IOCs 3

Unmasking CVE-2024-38178: The Silent Threat of Windows Scripting Engine

CVE-2024-38178 is a type confusion vulnerability in JScript9.dll, patched by Microsoft in August 2024. It allows bypassing the CVE-2022-41128 patch through incorrect JIT engine optimizations. APT37, a North Korean threat group, exploited this vulnerability in June 2024 against South Korean targets.…

remote code execution

Published: October 17, 2024

Downloadable IOCs 0

Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence

Trend Micro researchers have identified a new attack vector exploiting CVE-2023-22527 in older versions of Atlassian Confluence Data Center and Server. The attack deploys an in-memory fileless backdoor known as the Godzilla webshell, which uses AES encryption for communication and remains memory-re…

godzilla

remote code execution

Published: September 2, 2024

Downloadable IOCs 0

Increased Activity Against Apache OFBiz CVE-2024-32113

Recently, there has been a surge in malicious activity targeting a critical vulnerability (CVE-2024-32113) in the Apache OFBiz framework, a Java-based platform for developing Enterprise Resource Planning (ERP) applications. This vulnerability, a path traversal issue that can lead to remote code exe…

remote code execution

ofbiz

Published: August 1, 2024

Downloadable IOCs 5

Tag: remote code execution

Attack reports

Mozi Resurfaces as Androxgh0st Botnet: Unraveling The Latest Exploitation Wave

AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services

Attacker Abuses Victim Resources to Reap Rewards from Titan Network

FortiManager fgfmd vulnerability indicators

Unmasking CVE-2024-38178: The Silent Threat of Windows Scripting Engine

Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence

Increased Activity Against Apache OFBiz CVE-2024-32113