Pulse Detail — Threat Intelligence

PULSE NAME

Known Indicators of Compromise Associated with Androxgh0st Malware | CISA

WHITE CyberHunter_NL 2024-01-17 Modified: 2024-02-16

IOCs

MEDIUM VOLUME

The FBI and CISA have issued a joint cybersecurity advisory, warning about the threat posed by malware known as Androxgh0st, which can compromise networks and attack critical infrastructure around the world.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1027 T1046 T1059 T1078 T1083 T1105 T1114 T1136 T1190 T1505 T1552 T1583 T1595 T1531 T1218 T1547 T1134 T1003 T1071

MALWARE FAMILIES

Threat Androxgh0st

Indicators of Compromise (38)

All URL hostname CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	https://mc.rockylinux.si/seoforce/triggers/files/evil.txt	—	2024-01-17
hostname	mc.rockylinux.si	—	2024-01-17
CVE	CVE-2017-9841	—	2024-01-17
CVE	CVE-2018-15133	—	2024-01-17
CVE	CVE-2021-41773	—	2024-01-17
FileHash-MD5	1fb78440dc44b0900b27260a16d9771e	MD5 of 59e90be75e51c86b4b9b69dcede2cf815da5a79f7e05cac27c95ec35294151f4	2024-01-17
FileHash-MD5	9039ae16e5aaa63d9ffe88dfaf0f5108	MD5 of 6b5846f32d8009e6b54743d6f817f0c3519be6f370a0917bf455d3d114820bbc	2024-01-17
FileHash-MD5	95f745a5db131b1ca34e44848fd52edb	MD5 of 0df17ad20bf796ed549c240856ac2bf9ceb19f21a8cae2dbd7d99369ecd317ef	2024-01-17
FileHash-MD5	c1070aca9fcff4a32934e6c8aee4ea48	MD5 of bb7070cbede294963328119d1145546c2e26709c5cea1d876d234b991682c0b7	2024-01-17
FileHash-SHA1	452ec481734a78597b928e29c834d0e43fb2c7e2	SHA1 of 59e90be75e51c86b4b9b69dcede2cf815da5a79f7e05cac27c95ec35294151f4	2024-01-17
FileHash-SHA1	59ce7486745b08d1adba49f2413133c441194986	SHA1 of 6b5846f32d8009e6b54743d6f817f0c3519be6f370a0917bf455d3d114820bbc	2024-01-17
FileHash-SHA1	5fae94432540ade68eabce94140c9a5be153b3c8	SHA1 of 0df17ad20bf796ed549c240856ac2bf9ceb19f21a8cae2dbd7d99369ecd317ef	2024-01-17
FileHash-SHA1	7d1beb03c32db43f5edd4c28f3c905954e40dbd6	SHA1 of bb7070cbede294963328119d1145546c2e26709c5cea1d876d234b991682c0b7	2024-01-17
FileHash-SHA256	0df17ad20bf796ed549c240856ac2bf9ceb19f21a8cae2dbd7d99369ecd317ef	—	2024-01-17
FileHash-SHA256	23fc51fde90d98daee27499a7ff94065f7ed4ac09c22867ebd9199e025dee066	—	2024-01-17
FileHash-SHA256	59e90be75e51c86b4b9b69dcede2cf815da5a79f7e05cac27c95ec35294151f4	—	2024-01-17
FileHash-SHA256	6b5846f32d8009e6b54743d6f817f0c3519be6f370a0917bf455d3d114820bbc	—	2024-01-17
FileHash-SHA256	bb7070cbede294963328119d1145546c2e26709c5cea1d876d234b991682c0b7	—	2024-01-17
FileHash-SHA256	ca45a14d0e88e4aa408a6ac2ee3012bf9994b16b74e3c66b588c7eabaaec4d72	—	2024-01-17
FileHash-SHA256	dcf8f640dd7cc27d2399cce96b1cf4b75e3b9f2dfdf19cee0a170e5a6d2ce6b6	—	2024-01-17
FileHash-SHA256	de1114a09cbab5ae9c1011ddd11719f15087cc29c8303da2e71d861b0594a1ba	—	2024-01-17
URL	http://116.0.0.0	—	2024-01-17
URL	http://45.95.147.236/tmp.x86_64	—	2024-01-17
URL	http://download.asyncfox.xyz/download/xmrig.x86_64	1d320d51112189f76669b97b582345091a2d5dc5df3b6d7379eeb82159f68fc4	2024-01-17
URL	http://main.dsn.ovh/dns/pwer	bb7070cbede294963328119d1145546c2e26709c5cea1d876d234b991682c0b7	2024-01-17
URL	https://chainventures.co.uk/.well-known/aas	—	2024-01-17
URL	https://mc.rockylinux.si/seoforce/triggers/files/evil.txt'	5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807	2024-01-17
domain	chainventures.co.uk	—	2024-01-17
hostname	download.asyncfox.xyz	—	2024-01-17
hostname	eval-stdin.php.dev	—	2024-01-17
hostname	main.dsn.ovh	—	2024-01-17
URL	http://raw.githubusercontent.com/0x5a455553/MARIJUANA/master/MARIJUANA.php	—	2024-01-17
URL	http://tangible-drink.surge.sh/configx.txt	—	2024-01-17
URL	http://www.example.com/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php	—	2024-01-17
URL	https://pastebin.com/raw/zw0gAmpC	—	2024-01-17
domain	env.prod	—	2024-01-17
domain	env.save	—	2024-01-17
domain	usa.gov	—	2024-01-17

References (1)

↗ https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-016a