Browse
Fortinet Community
Help
Sign In
Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive
Holiday badge!
Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
Support Forum
Knowledge Base
Customer Service
Internal Article Nominations
FortiGate
FortiClient
FortiAP
FortiAnalyzer
FortiADC
FortiAuthenticator
FortiBridge
FortiCache
FortiCarrier
FortiCASB
FortiConnect
FortiConverter
FortiCNP
FortiDAST
FortiDDoS
FortiDB
FortiDNS
FortiDLP
FortiDeceptor
FortiDevSec
FortiDirector
FortiEDR
FortiExtender
FortiGate Cloud
FortiGuard
FortiHypervisor
FortiGuest
FortiInsight
FortiIsolator
FortiMail
FortiMonitor
FortiManager
FortiNAC
FortiNAC-F
FortiNDR (on-premise)
FortiNDRCloud
FortiPAM
FortiPhish
FortiPortal
FortiProxy
FortiRecon
FortiRecorder
FortiSRA
FortiSandbox
FortiSASE
FortiScan
FortiSOAR
FortiSIEM
FortiSwitch
FortiTester
FortiVoice
FortiToken
FortiWAN
FortiWeb
FortiAppSec Cloud
Lacework
Wireless Controller
RMA Information and Announcements
FortiCloud Products
ZTNA
4D Documents
Community Groups
Agora
Engage Services
The EPSP Platform
The ETSP Platform
Finland
FortiGate-VM on Azure
Discussions & Onboarding Information
Technical Learning
FortiGate-VM on AWS
Discussions & Onboarding Information
Technical Learning
FortiGate CNF (All Marketplaces)
Getting Started Resources
Technical Learning
FortiWeb Cloud (All Marketplaces)
Getting Started Resources
Technical Learning
Fortinet for SAP
Discussions
Technical Learning
Knowledge Base
Idea Exchange
Events
FortiSIEM
Discussions
Blog
FortiSOAR
Discussions
Announcements
Idea Exchange
KCS
Lacework
Super User
Blogs
FortiNDRCloud
SaaS based NDR solution providing 365 days data retention, along with Technical Success Manager
Fortinet Community
Knowledge Base
FortiNDRCloud
FortiGuard Outbreak Alert: Androxgh0st Malware Att...
Options
Subscribe to RSS Feed
Mark as New
Mark as Read
Bookmark
Subscribe
Printer Friendly Page
Report Inappropriate Content
kcheung
Staff
Created on
02-21-2024
09:23 PM
Edited on
02-22-2024
11:00 AM
Article Id
300606
FortiGuard Outbreak Alert: Androxgh0st Malware Attack
Description
This article describes the Androxgh0st Attack coverage with FortiNDR Cloud.
Androxgh0st is a info-stealing malware exploiting the Laravel Framework (CVE-2018-15133) to spread and conduct information gathering attacks on the target networks
CVE ID
CVE-2018-15133 (
https://nvd.nist.gov/vuln/detail/cve-2018-15133
)
NDR Cloud Detection Rule
Detection Rule Name
Category
Primary MITRE ID
FortiGuard Outbreak Alert: AndroxGh0st Malware HTTP POST Request
Attack: Command and Control
T1071 - Application Layer Protocol
FortiGuard Outbreak Alert: CVE-2018-15133 Laravel Framework Unserialize RCE HTTP POST Request
Attack: Exploitation
T1190 - Exploit Public-Facing Application
Threat hunting
FortiNDR Cloud users can use the following IOCs from Fortinet to hunt for “Androxgh0st” related activities.
https://www.fortiguard.com/outbreak-ioc?tag=Androxgh0st%20Malware
Suricata Coverage
N/A
Other Fortinet Products
For more details regarding mitigating the vulnerability by utilizing Fortinet products, please refer to
https://www.fortiguard.com/outbreak-alert/androxgh0st-malware
Labels:
FortiGuard Outbreak Alert
Contributors
kcheung
