Androxgh0st
· Published 21/12/2025 05:24 · Modified 21/12/2025 08:21
· Source: AlienVault
Essential information
- Confidence
- 100/100
- Published
- 21/12/2025 05:24
- Modified
- 21/12/2025 08:21
- Updated at
- 21/12/2025 08:21
- Revoked
- No
- Author / Source
- AlienVault
- Resource level
- —
- Primary motivation
- —
- Related entities
- 3 reports, 26 attack patterns (mitre), 2 malware, 4 countries, 13 indicators, 13 vulnerabilities (cve)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (3)
-
13 CVEs 20 MITREs 2 Malwares 10 Observables 1 APT
-
8 MITREs 2 Malwares 1 Observable 1 APT
-
3 CVEs 9 MITREs 1 Malware 7 Observables 1 APT
Attack patterns (MITRE) (26)
-
T1105 usesIngress Tool Transfer MITRE
-
T1078 usesValid Accounts MITRE
-
T1021 usesRemote Services MITRE
-
T1498 usesNetwork Denial of Service MITRE
-
T1040 usesNetwork Sniffing MITRE
-
T1190 usesExploit Public-Facing Application MITRE
-
T1608 usesStage Capabilities MITRE
-
T1588 usesObtain Capabilities MITRE
-
T1569 usesSystem Services MITRE
-
T1496 usesResource Hijacking MITRE
-
T1083 usesFile and Directory Discovery MITRE
-
T1590 usesGather Victim Network Information MITRE
Malware (2)
-
Androxgh0st usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Mozi usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Countries (4)
-
British Indian Ocean Territory targets
-
India targets
-
China targets
-
Albania targets
Indicators (13)
-
stix 100/100 Revoked
SUSP_ELF_LNX_UPX_Compressed_File
· Valid until 20/10/2025 · Source: AlienVault
Vulnerabilities (CVE) (13)
9.8
Critical
PHPUnit allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 27/06/2017
- Modified
- 22/04/2026