Outbreak Alert: Androxgh0st Malware Attack

FortiRecon provides outside-in coverage for risks toward customers.  External Attack Surface Management helps customers identify exposure to known and unknown enterprise assets and associated vulnerabilities across the enterprise. The Vulnerability Intelligence Module under Adversary Centric Intelligence (ACI) provides a realistic view of the impact of the vulnerability based upon chatter and discussion of the same across various external sources such as Darkweb, social media, News / Blogs etc.

CVE ID

CVE-2021-41773

CVE Title   

Apache HTTP Server Directory Traversal

NVD Severity

 High

FortiRecon Severity

Critical

Exploited

Yes

Exploited by Ransomware Group(s)

Yes (Unknown)

Exploited by APT Group(s)

No

Included in CISA KEV List

Yes

Available working exploit(s)

5

Available POC exploit(s)

125

Darknet Mentions

Discussion on 1 Darknet Forum

- Raid

Telegram Mention(s)

Discussion on 4 Telegram channels

- Freedom F0x

- ARVIN

- Exploit Service

-The Archivists Domain

FortiRecon Intelligence Reporting(s)

8 (OSINT, TECHINT)

Social Media Mention(s)

200

EASM Scanner   

No   

CVE ID   

CVE-2017-9841

CVE Title   

PHPUnit eval-stdin.php Code Execution

NVD Severity

Critical

Critical

Exploited

Yes

No

No

Yes

1

14

Discussion on 2 Darknet Forums

- XSS

- Exploit

Discussion on 1 Telegram channels

- WARLOCK DARK ARMY

FortiRecon Intelligence Reporting(s)

3

5

EASM Scanner   

No   

CVE ID   

CVE-2018-15133

CVE Title   

Laravel Framework Code Execution

NVD Severity

High

Critical

Exploited

Yes

No

No

Yes

2

11

None

Discussion on 1 Telegram channel

-Exploit Service

FortiRecon Intelligence Reporting(s)

1 (Darknet)

None

EASM Scanner   

No