SentinelOne has a technical breakdown of the XZ backdoor: initial setup, stage 1 payload (system checks and extraction) and stage 2 payload (injecting the backdoor). They provide an analysis of the attack execution, and briefly touch on attribution. IOCs are included. 🔗 https://www.sentinelone.com/blog/xz-utils-backdoor-threat-actor-planned-to-inject-further-vulnerabilities/

#xz #CVE_2024_3094 #supplychainattack #xzbackdoor #threatintel #IOC

XZ Utils Backdoor | Threat Actor Planned to Inject Further Vulnerabilities

Analysis suggests that CVE-2024-3094, a backdoor deliberately planted into XZ Utils, may have been only the first on the threat actor's agenda.

SentinelOne

Juniper provides a technical analysis of AndroxGh0st, a Python-based malware designed to target Laravel applications. The Androxgh0st malware leverages three critical vulnerabilities, all three of which are in the CISA KEV Catalog: Androxgh0st exploits CVE-2021-41773 as its first foothold, then gains RCE through both CVE-2017-9841 and CVE-2018-15133 (which exploits weaknesses in XSRF-TOKEN handling). IOCs provided. 🔗 https://blogs.juniper.net/en-us/security/shielding-networks-against-androxgh0st

#AndroxGh0st #threatintel #Laravel #CVE_2021_41773 #CVE_2017_9841 #CVE_2018_15133 #IOC

Shielding Networks From Androxgh0st | Official Juniper Networks Blogs

AndroxGh0st is a Python-based malware designed to target Laravel applications. It works by scanning and taking out important information from .env files, revealing login details linked to AWS and Twilio. Classified as an SMTP cracker, it exploits SMTP using various strategies such as credential exploitation, web shell deployment and vulnerability scanning. While its ability to generate AWS keys hints at potential brute force attacks, this aspect remains more of a novelty. The primary goal is clear: compromise and extract critical data from Laravel applications, emphasizing the need for robust cybersecurity measures. 

Official Juniper Networks Blogs

How can AI address security threats more effectively?

Jeff Crume from @IBMcloud explains it very well in 4 steps.

https://m.youtube.com/watch?v=4QzBdeUQ0Dc

#CTI #ThreatIntel #CyberSecurity #infosec #DFIR #investigation #BlueTeam #intelligence

AI in Cybersecurity

YouTube