Who You Gonna Call? AndroxGh0st Busters!
Essential information
- Published
- 17/07/2024 07:34
- Modified
- 17/07/2024 07:58
- Tags
- 2024-07-17 CVE-2017-9841 CVE-2018-15133 CVE-2021-41773 androxgh0st botnet credential-theft python rce exploitation web exploitation
- Related entities
- 3 vulnerabilities (cve), 7 observables, 1 intrusion sets (apt), 9 techniques (mitre), 1 malware
Description
This report discusses the AndroxGh0st malware, a Python-scripted threat targeting Laravel web applications to steal sensitive data like credentials and abuse other functionality. It exploits vulnerabilities like CVE-2017-9841, CVE-2018-15133, and CVE-2021-41773. The malware scans for exposed .env files containing credentials and uses techniques like remote code execution to gain access. Mitigations include keeping systems updated, secure configurations, credential management, network security, and scanning for malicious files.