RondoDox
Essential information
- Confidence: 100/100
- Published: 21/12/2025 18:21
- Modified: 16/03/2026 10:51
- Updated at: 16/03/2026 10:51
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 5 reports, 42 attack patterns (mitre), 4 malware, 2 sectors, 1 country, 100 indicators, 66 vulnerabilities (cve)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (5)
- 12 CVEs, 16 MITREs, 2 Malwares, 29 Observables, 1 APT
- 5 MITREs, 7 Observables, 1 APT
- 23 CVEs, 20 MITREs, 2 Malwares, 26 Observables, 1 APT
- 35 CVEs, 1 Malware, 20 Observables, 1 APT
- 15 MITREs, 3 Malwares, 71 Observables, 1 APT
Attack patterns (MITRE) (42)
- T1498 uses Network Denial of Service (MITRE)
- T1021 uses Remote Services (MITRE)
- T1571 uses Non-Standard Port (MITRE)
- T1569.001 uses Launchctl (MITRE)
- T1574 uses Hijack Execution Flow (MITRE)
- T1070 uses Indicator Removal (MITRE)
- T1021.001 uses Remote Desktop Protocol (MITRE)
- T1110 uses Brute Force (MITRE)
- T1068 uses Exploitation for Privilege Escalation (MITRE)
- T1562 uses Impair Defenses (MITRE)
- T1102 uses Web Service (MITRE)
- T1105 uses Ingress Tool Transfer (MITRE)
Malware (4)
Sectors (2)
- Telecommunications (targets)
- Technology (targets)
Countries (1)
- New Zealand (targets)
Indicators (100)
Vulnerabilities (CVE) (66)
Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code …
- Attack vector: Network
- Published: 14/07/2025
- Modified: 16/03/2026
A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenticated attacker to execute …
- Attack vector: ADJACENT_NETWORK
- Published: 11/07/2025
- Modified: 16/03/2026
The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON …
- Attack vector: NETWORK
- Published: 06/01/2023
- Modified: 21/12/2025
PHPUnit allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by …
- Attack vector: NETWORK
- Complexity: LOW
- Published: 27/06/2017
- Modified: 22/04/2026
QNAP VioStar NVR contains an OS command injection vulnerability that allows authenticated users to execute commands via a network.
- Attack vector: Adjacent
- Published: 21/12/2023
- Modified: 28/02/2026
A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, …
- Attack vector: NETWORK
- Published: 28/01/2020
- Modified: 21/12/2025
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary …
- Attack vector: Network
- Published: 30/10/2025
- Modified: 28/01/2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, …
- Attack vector: Network
- Published: 05/12/2025
- Modified: 29/05/2026
Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to …
- Attack vector: Network
- Published: 02/11/2023
- Modified: 21/12/2025
Multiple D-Link routers contain a command injection vulnerability which can allow attackers to achieve full system compromise.
- Published: 25/03/2022
- Modified: 21/12/2025
Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary …
- Published: 25/03/2022
- Modified: 21/12/2025
A vulnerability classified as critical was found in Tenda O3V2 1.0.0.12(3880). This vulnerability affects the function fromNetToolGet of the file /goform/setPingInfo of …
- Attack vector: Network
- Complexity: Low
- Published: 10/07/2025
- Modified: 29/04/2026