Known Indicators of Compromise Associated with Androxgh0st Malware
ID: b953a221-8066-5595-89ff-2fd630bc3496
STIX ID: report--b953a221-8066-5595-89ff-2fd630bc3496
Feed Name: CISA Cybersecurity Advisories
**Executive summary:** The FBI and CISA warn that Androxgh0st is actively used, Python-based malware that builds botnets to scan for and exploit PHPUnit, Laravel, and vulnerable Apache servers (via CVE-2017-9841, CVE-2018-15133, and CVE-2021-41773) in order to steal .env and cloud credentials, drop web shells, and deploy further scanning infrastructure. The advisory includes IOCs, MITRE ATT&CK mappings, detection recommendations, and mitigations.
