RondoDox
Essential information
- Confidence: 100/100
- Published: 21/12/2025 18:21
- Modified: 16/03/2026 10:51
- Updated at: 16/03/2026 10:51
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 5 reports, 42 attack patterns (MITRE), 4 malware, 2 sectors, 1 country, 100 indicators, 66 vulnerabilities (CVE)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (5)
- 12 CVEs, 16 MITREs, 2 Malwares, 29 Observables, 1 APT
- 5 MITREs, 7 Observables, 1 APT
- 23 CVEs, 20 MITREs, 2 Malwares, 26 Observables, 1 APT
- 35 CVEs, 1 Malware, 20 Observables, 1 APT
- 15 MITREs, 3 Malwares, 71 Observables, 1 APT
Attack patterns (MITRE) (42)
- T1595 (uses): Active Scanning
- T1213 (uses): Data from Information Repositories
- T1210 (uses): Exploitation of Remote Services
- T1611 (uses): Escape to Host
- T1569 (uses): System Services
- T1546 (uses): Event Triggered Execution
- T1106 (uses): Native API
- T1083 (uses): File and Directory Discovery
- T1133 (uses): External Remote Services
- T1078 (uses): Valid Accounts
- T1027 (uses): Obfuscated Files or Information
- T1496 (uses): Resource Hijacking
Malware (4)
Sectors (2)
- Telecommunications (targets)
- Technology (targets)
Countries (1)
- New Zealand (targets)
Indicators (100)
Vulnerabilities (CVE) (66)
- Published: 20/12/2025
- Modified: 21/12/2025
Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary …
- Attack vector: Network
- Published: 13/12/2022
- Modified: 20/12/2025
ThinkPHP contains an unspecified vulnerability that allows for remote code execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.
- Published: 03/11/2021
- Modified: 21/12/2025
The Meteobridge web interface lets Meteobridge administrators manage their weather station data collection and administer their Meteobridge system through a web application …
- Attack vector: Adjacent
- Published: 02/10/2025
- Modified: 21/12/2025
D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. After the user passes in the command parameter, it will be spliced …
- Attack vector: NETWORK
- Published: 01/09/2022
- Modified: 21/12/2025
A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been declared as critical. This vulnerability affects the function setMtknatCfg of the …
- Attack vector: NETWORK
- Published: 02/03/2025
- Modified: 21/12/2025
Zyxel P660HN-T1A routers contain a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user …
- Published: 07/08/2023
- Modified: 20/12/2025
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute …
- Attack vector: NETWORK
- Complexity: LOW
- Published: 24/09/2014
- Modified: 22/04/2026
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code …
- Attack vector: Network
- Published: 28/07/2025
- Modified: 21/12/2025
A vulnerability was found in Totolink X6000R AX3000 9.4.0cu.852_20230719. It has been rated as critical. This issue affects the function setWizardCfg of …
- Attack vector: ADJACENT_NETWORK
- Published: 23/02/2024
- Modified: 21/12/2025
FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of …
- Attack vector: NETWORK
- Published: 20/12/2025
- Modified: 09/03/2026
A vulnerability was determined in Linksys E1700 1.0.0.4.003. This vulnerability affects the function systemCommand of the file /goform/systemCommand. Executing manipulation of the …
- Attack vector: Network
- Complexity: Low
- Published: 27/08/2025
- Modified: 29/04/2026