The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have released a joint Cybersecurity Advisory to address known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with threat actors deploying Androxgh0st malware. This malware is used to establish a botnet that can identify and compromise vulnerable networks. The advisory provides a list of IOCs and TTPs, including scanning for websites using the Laravel web application framework, targeting the PHPUnit module, and exploiting CVE-2017-9841 for remote code execution. It also highlights the malware's ability to access databases and steal credentials for services such as AWS, SendGrid, and Twilio. The advisory encourages organizations to implement mitigation strategies to reduce the likelihood and impact of cybersecurity incidents caused by Androxgh0st infections.
cisa.gov
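One way to check web server access logs for the PHPUnit targeting described above, added here as an example and not taken from the advisory: it flags requests for PHPUnit's `eval-stdin.php`, the script affected by CVE-2017-9841, and marks those the server answered with a 2xx status. The combined log format, the function name `find_phpunit_probes` and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Script affected by CVE-2017-9841; the directory prefix varies by install,
# so match on the stable tail of the path.
PHPUNIT_EVAL = re.compile(r"Util/PHP/eval-stdin\.php", re.IGNORECASE)

# Combined log format (assumed): client, timestamp, request line, status.
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def find_phpunit_probes(lines):
    """Group requests for PHPUnit's eval-stdin.php by client address."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-format request line
        path = unquote(m["path"])  # undo percent-encoding before matching
        if not PHPUNIT_EVAL.search(path):
            continue
        status = int(m["status"])
        hits[m["client"]].append({
            "time": m["ts"],
            "method": m["method"],
            "path": path,
            "status": status,
            # 2xx means the script is web-reachable: review this host first
            "reached": 200 <= status < 300,
        })
    return dict(hits)

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jan/2024:03:14:07 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 153 "-" "-"',
    '198.51.100.7 - - [10/Jan/2024:03:15:22 +0000] "POST /lib/vendor/phpunit/phpunit/src/Util/PHP/eval%2Dstdin.php HTTP/1.1" 200 0 "-" "-"',
    '203.0.113.5 - - [10/Jan/2024:03:16:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, events in find_phpunit_probes(SAMPLE_LOG).items():
        for e in events:
            flag = "REACHED" if e["reached"] else "probe"
            print(f'{flag:8} {client} {e["time"]} {e["method"]} {e["path"]} -> {e["status"]}')
```

A 2xx hit means the PHPUnit directory is exposed to the web on that host, so it warrants review for compromise and credential rotation rather than only blocking the source address.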
