Androxgh0st
Published 21/12/2025 05:24 · Modified 21/12/2025 08:21 · Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 05:24
- Modified: 21/12/2025 08:21
- Updated at: 21/12/2025 08:21
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 3 reports, 26 attack patterns (mitre), 2 malware, 4 countries, 13 indicators, 13 vulnerabilities (cve)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (3)
- 13 CVEs, 20 MITREs, 2 Malwares, 10 Observables, 1 APT
- 8 MITREs, 2 Malwares, 1 Observable, 1 APT
- 3 CVEs, 9 MITREs, 1 Malware, 7 Observables, 1 APT
Attack patterns (MITRE) (26)
- T1110 Brute Force (uses)
- T1071 Application Layer Protocol (uses)
- T1587 Develop Capabilities (uses)
- T1562 Impair Defenses (uses)
- T1593
- T1046 Network Service Discovery (uses)
- T1082 System Information Discovery (uses)
- T1027 Obfuscated Files or Information (uses)
- T1016 System Network Configuration Discovery (uses)
- T1595 Active Scanning (uses)
- T1583 Acquire Infrastructure (uses)
- T1537 Transfer Data to Cloud Account (uses)
Malware (2)
- Androxgh0st (uses, Family)
- Mozi (uses, Family)
Countries (4)
- British Indian Ocean Territory (targets)
- India (targets)
- China (targets)
- Albania (targets)
Indicators (13)
Vulnerabilities (CVE) (13)
9.8 Critical
PHPUnit allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by …
- Attack vector: NETWORK
- Complexity: LOW
- Published: 27/06/2017
- Modified: 22/04/2026