RondoDox
Essential information
- Confidence
- 100/100
- Published
- 21/12/2025 18:21
- Modified
- 16/03/2026 10:51
- Updated at
- 16/03/2026 10:51
- Revoked
- No
- Author / Source
- AlienVault
- Resource level
- —
- Primary motivation
- —
- Related entities
- 5 reports, 42 attack patterns (mitre), 4 malware, 2 sectors, 1 countries, 100 indicators, 66 vulnerabilities (cve)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (5)
-
12 CVEs 16 MITREs 2 Malwares 29 Observables 1 APT
-
5 MITREs 7 Observables 1 APT
-
23 CVEs 20 MITREs 2 Malwares 26 Observables 1 APT
-
35 CVEs 1 Malware 20 Observables 1 APT
-
15 MITREs 3 Malwares 71 Observables 1 APT
Attack patterns (MITRE) (42)
-
T1595 usesActive Scanning MITRE
-
T1213 usesData from Information Repositories MITRE
-
T1210 usesExploitation of Remote Services MITRE
-
T1611 usesEscape to Host MITRE
-
T1569 usesSystem Services MITRE
-
T1546 usesEvent Triggered Execution MITRE
-
T1106 usesNative API MITRE
-
T1083 usesFile and Directory Discovery MITRE
-
T1133 usesExternal Remote Services MITRE
-
T1078 usesValid Accounts MITRE
-
T1027 usesObfuscated Files or Information MITRE
-
T1496 usesResource Hijacking MITRE
Malware (4)
-
RondoDox usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
XMRig usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Mirai usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Morte usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Sectors (2)
-
Telecommunications targets
-
Technology targets
Countries (1)
-
New Zealand targets
Indicators (100)
-
stix 100/100· Valid until 22/11/2026 · Source: AlienVault
-
stix 100/100· Valid until 22/09/2026 · Source: AlienVault
-
http://83.252.42.112/rondo.arc700indicatesstix 100/100 Revoked· Valid until 26/11/2025 · Source: AlienVault -
http://83.252.42.112/rondo.armv6lindicatesstix 100/100 Revoked· Valid until 26/11/2025 · Source: AlienVault -
stix 100/100· Valid until 22/11/2026 · Source: AlienVault
-
stix 100/100· Valid until 22/11/2026 · Source: AlienVault
-
http://74.194.191.52/rondo.fbsdpowerpcindicatesstix 100/100 Revoked· Valid until 26/11/2025 · Source: AlienVault -
http://74.194.191.52/rondo.powerpc-440fpindicatesstix 100/100 Revoked· Valid until 09/12/2025 · Source: AlienVault -
http://74.194.191.52/rondo.sparcindicatesstix 100/100 Revoked· Valid until 09/12/2025 · Source: AlienVault
Vulnerabilities (CVE) (66)
- Published
- 20/12/2025
- Modified
- 21/12/2025
A command injection issue in TRENDnet TEW-411BRPplus v.2.07_eu that allows a local attacker to execute arbitrary code via the data1 parameter in …
- Attack vector
- NETWORK
- Published
- 25/01/2024
- Modified
- 21/12/2025
RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp.
- Attack vector
- NETWORK
- Published
- 16/01/2025
- Modified
- 21/12/2025
LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command injection vulnerability via …
- Attack vector
- NETWORK
- Published
- 26/03/2023
- Modified
- 21/12/2025
Hewlett Packard Enterprise (HPE) OneView contains a code injection vulnerability that allows a remote unauthenticated user to perform remote code execution.
- Attack vector
- NETWORK
- Published
- 16/12/2025
- Modified
- 16/03/2026
Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the …
- Attack vector
- NETWORK
- Published
- 03/02/2025
- Modified
- 31/12/2025