Mozi Resurfaces as Androxgh0st Botnet: Unraveling The Latest Exploitation Wave | CloudSEK
Common Information
Type Value
UUID c27cac3f-d398-42aa-a387-8f59acb933e8
Fingerprint 9541b6c32c932d89
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 6, 2024, midnight
Added to db Nov. 13, 2024, 11:07 a.m.
Last updated Nov. 17, 2024, 6:50 p.m.
Headline Mozi Resurfaces as Androxgh0st Botnet: Unraveling The Latest Exploitation Wave
Title Mozi Resurfaces as Androxgh0st Botnet: Unraveling The Latest Exploitation Wave | CloudSEK
Detected Hints/Tags/Attributes 95/2/47
Attributes
Details Type #Events CTI Value
Details CVE 41 cve-2023-1389
Details CVE 56 cve-2024-36401
Details CVE 33 cve-2017-9841
Details CVE 12 cve-2018-15133
Details CVE 44 cve-2021-41773
Details CVE 7 cve-2014-2120
Details CVE 8 cve-2021-26086
Details CVE 8 cve-2021-41277
Details CVE 36 cve-2022-1040
Details CVE 12 cve-2022-21587
Details CVE 47 cve-2024-4577
Details CVE 43 cve-2018-10561
Details CVE 45 cve-2018-10562
Details Domain 2 api.next.eventsrealm.com
Details File 7 eval-stdin.php
Details File 40 web.xml
Details File 7 currentsetting.htm
Details File 6 netgear.cfg
Details File 3 menu.html
Details File 4 diag.html
Details File 59 wp-login.php
Details File 115 auth.log
Details Url 1 http://154.216.17.31
Details Url 1 http://200.124.241.140:44999/mozi.m