Mozi Resurfaces as Androxgh0st Botnet: Unraveling The Latest Exploitation Wave
Essential information
- Published
- 12/11/2024 08:47
- Modified
- 12/11/2024 09:28
- Tags
- 2024-11-12 CVE-2014-2120 CVE-2018-10561 CVE-2018-10562 CVE-2021-26086 CVE-2021-41277 CVE-2022-1040 CVE-2022-21587 CVE-2023-1389 CVE-2024-36401 CVE-2024-4577 androxgh0st botnet credential-theft iot mozi persistent access remote code execution routers vulnerability exploitation web servers
- Related entities
- 13 vulnerabilities (cve), 10 observables, 1 intrusion sets (apt), 20 techniques (mitre), 2 malware, 4 others
Description
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Vulnerabilities (CVE) (13)
An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution.
- Published
- 31/03/2022
- Modified
- 21/12/2025
Metabase contains a local file inclusion vulnerability in the custom map support in the API to read GeoJSON formatted data.
- Published
- 12/11/2024
- Modified
- 21/12/2025
Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution.
- Published
- 31/03/2022
- Modified
- 20/12/2025
Cisco Adaptive Security Appliance (ASA) contains a cross-site scripting (XSS) vulnerability in the WebVPN login page. This vulnerability allows remote attackers to …
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 19/03/2014
- Modified
- 22/04/2026
Atlassian Jira Server and Data Center contain a path traversal vulnerability that allows a remote attacker to read particular files in the …
- Published
- 12/11/2024
- Modified
- 21/12/2025
OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath …
- Attack vector
- Network
- Published
- 15/07/2024
- Modified
- 21/12/2025
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system …
- Attack vector
- Network
- Published
- 12/06/2024
- Modified
- 21/12/2025
Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications …
- Attack vector
- Network
- Published
- 02/02/2023
- Modified
- 21/12/2025
Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured …
- Attack vector
- Network
- Published
- 03/11/2021
- Modified
- 18/02/2026
Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a …
- Published
- 16/01/2024
- Modified
- 21/12/2025
Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10562, exploitation can allow an attacker to perform remote code execution.
- Published
- 31/03/2022
- Modified
- 20/12/2025
TP-Link Archer AX-21 contains a command injection vulnerability that allows for remote code execution.
- Attack vector
- Adjacent
- Published
- 01/05/2023
- Modified
- 21/12/2025
Observables (10)
-
45.202.35.24 -
154.216.17.31 -
117.215.206.216 -
200.124.241.140 -
api.next.eventsrealm.com -
b8380e2cd7a2164e8efa0bac32eda97f8b81084e6ba90d44a59d357b9461b6af -
6adf22b7deaf177b7ef5bee65e50e2c689afb8bcb97fb5f0d920476ad4d07d9b -
58015d2873a59d32f68640675d7f68ac681c904c8ca5b79d0a6a360ad9e83826 -
22b1fdcd8a40dacc2fc4907a3cd9e25fcbd8a8466ccfd9de0242a6bde5b8e181 -
0b4536fb2b282d634be632691690bb99eede7cd0306b9409c982d1880d418aee
Intrusion sets (APT) (1)
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Techniques (MITRE) (20)
-
Obtain Capabilities MITRE
-
Develop Capabilities MITRE
-
Stage Capabilities MITRE
-
Brute Force MITRE
-
Acquire Infrastructure MITRE
-
Gather Victim Network Information MITRE
-
Remote Services MITRE
-
System Network Configuration Discovery MITRE
-
System Information Discovery MITRE
-
Ingress Tool Transfer MITRE
-
Resource Hijacking MITRE
-
Active Scanning MITRE
Malware (2)
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Others (4)
-
British Indian Ocean Territory
-
Albania
-
India
-
China