Androxgh0st
Essential information
- Confidence
- 100/100
- Published
- 21/12/2025 05:24
- Modified
- 21/12/2025 08:21
- Updated at
- 21/12/2025 08:21
- Revoked
- No
- Author / Source
- AlienVault
- Resource level
- —
- Primary motivation
- —
- Related entities
- 3 reports, 26 attack patterns (mitre), 2 malware, 4 countries, 13 indicators, 13 vulnerabilities (cve)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (3)
- 13 CVEs 20 MITREs 2 Malwares 10 Observables 1 APT
- 8 MITREs 2 Malwares 1 Observable 1 APT
- 3 CVEs 9 MITREs 1 Malware 7 Observables 1 APT
Attack patterns (MITRE) (26)
- T1593 MITRE
Malware (2)
- Androxgh0st usesFamily
- Mozi usesFamily
Countries (4)
- British Indian Ocean Territory targets
- India targets
- China targets
- Albania targets
Indicators (13)
- 6b5846f32d8009e6b54743d6f817f0c3519be6f370a0917bf455d3d114820bbc indicates
Vulnerabilities (CVE) (13)
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system …
- Attack vector
- Network
- Published
- 12/06/2024
- Modified
- 21/12/2025
An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution.
- Published
- 31/03/2022
- Modified
- 21/12/2025
TP-Link Archer AX-21 contains a command injection vulnerability that allows for remote code execution.
- Attack vector
- Adjacent
- Published
- 01/05/2023
- Modified
- 21/12/2025
Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10562, exploitation can allow an attacker to perform remote code execution.
- Published
- 31/03/2022
- Modified
- 20/12/2025
Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications …
- Attack vector
- Network
- Published
- 02/02/2023
- Modified
- 21/12/2025
Cisco Adaptive Security Appliance (ASA) contains a cross-site scripting (XSS) vulnerability in the WebVPN login page. This vulnerability allows remote attackers to …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 19/03/2014
- Modified
- 22/04/2026
Atlassian Jira Server and Data Center contain a path traversal vulnerability that allows a remote attacker to read particular files in the …
- Published
- 12/11/2024
- Modified
- 21/12/2025
Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution.
- Published
- 31/03/2022
- Modified
- 20/12/2025
Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured …
- Attack vector
- Network
- Published
- 03/11/2021
- Modified
- 18/02/2026
Metabase contains a local file inclusion vulnerability in the custom map support in the API to read GeoJSON formatted data.
- Published
- 12/11/2024
- Modified
- 21/12/2025
Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a …
- Published
- 16/01/2024
- Modified
- 21/12/2025
OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath …
- Attack vector
- Network
- Published
- 15/07/2024
- Modified
- 21/12/2025