Botnet Loader-as-a-Service Infrastructure Distributing RondoDoX and Mirai Payloads
· Published 25/09/2025 23:21 · Modified 26/09/2025 11:56
Essential information
- Published
- 25/09/2025 23:21
- Modified
- 26/09/2025 11:56
- Tags
- 2025-09-25 CVE-2012-1823 CVE-2019-16759 CVE-2019-17574 botnet command injection cryptomining iot loader-as-a-service mirai morte rondodox soho routers
- Related entities
- 3 vulnerabilities (cve), 200 observables, 8 techniques (mitre), 3 malware, 2 others
Description
A sophisticated botnet operation employing a Loader-as-a-Service model was uncovered through exposed command and control logs spanning six months. The campaign systematically targets SOHO routers, IoT devices, and enterprise applications through command injection vulnerabilities in web interfaces. Key attack vectors include exploiting unsanitized POST parameters, leveraging default credentials, and targeting known CVEs in various systems. The operation showed a 230% attack spike from July-August 2025, deploying multi-architecture malware including Morte binaries and cryptomining payloads. With rapid infrastructure rotation and diverse malware, the threat is evolving rapidly, necessitating early detection and robust defense measures.
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Vulnerabilities (CVE) (3)
Observables (200)
83.252.42.1125.59.248.169220.158.234.135160.187.246.15038.59.219.27152.89.170.51196.251.66.32176.65.142.12280.66.75.121www.top1miku.duckdns.orgo2.sibzapaska.ruservizioclienti.mooo.comfbbsbf.work.gdhbtxhuy.duckdns.orgfbi.mikuchannel.sitevansync.netrevoltreps.xyzpixelcheat.comcodingvix.winbennamynale.combatmanansaak.comasdfzeq12.xyzriseonid.comtop1miku.duckdns.orgfff92495e88b67a22930af388c198903511efa21e6d0912a58d8a9feb379ebebfe87b474d3c1047b36b1678435e757633ea1e3e39b395bc3117bb82c1d7d52adfd1696a79fa55c6e605ad699bb213b2e12fbade61db7a2c97c76582a212e4be9fbf1769b9cf0f5f8157ccd5cf2a198d3d9686524753bc2dd1a079fd1249e3134fc5b9854942562fa5184b5c3d9f4f42dfa0adf9e4a815ed37c278a65dc2cac46fb506252d75bb3f2de1723609cfc0fcbc48b3d8d1e89f6204644788ad67b5559fa2d23ca0db28342c95fac070a3b6bfa4a65790ad2b528b69aa4d7e37fdcf534faa4f472e6639e3f18c7503cca60218c461f433011ecf25b836c6fe9e2d403c3f7032980fc68b37fceca2bb8cea96ee5bb083285151b949d49d790dbf62016b9f67fea7b9ebce4b2802a3403c3fc3eec48f446948c49c8d14f0a08a0ccc4eb0df7f5eeb0efe3331ac5d871f986fd151b178a597fde1c27fd61c8fc877f34b909f570f1c72f39cfe5b034f2c2abb460d0c0ab057ad2a13906d222528021d56d6ef5ae13a01b9c45aa255a6203cc6d1258114979f37c187c42ec40aa5f131a0ae4f4aa9921d9416755b1075c803a9b9da17fd61f2b3f8391eaa39520354b150279f119403285eef07d9138abe3c75708d320a75f105d421d343816a6922dd4b697f1fc91a5ea0ec20811aa9ffa9934a745acbe6da09fafb9ef3bf39a6a19d0c412f1d2df92e44fe9a68a17f0e2e0cc471d9618b327434515603f42007c6b396973ef0b7a0de3cbed3e1f254befb5d45226fc5d85fbb4c7a3703bc7a25c65713ea7efcad9a031901d0823648170f8dc48bfb900de28465e0d47914f570c277bb923f036a7842232a000fd0a07d87feddd0d7b8b54b3d32f7d92a2addcca2d563548ed6ad53ceac4889ce9327015b6146fe164ddc7109636e5d9366461e0c06a90abee92fa5d0e69aa5952928af503710e281985a21b04ddeaf0e3caca2c0e51db68ecc5f18ab3e11fd6dc65bc79f4621971422065eaa58cacbdf8038f8d070c50dbecc2db37b662d75c967ad6eb8f0539d7b1168d035e1cdfee705fbe140190d39eec92aba591e653b5004e972de1ae80c32a75b866c909aefc18f54d990545341beae06a777671f1f968d24459d929798d3b22a8d329765b307ba6c92c3db952e6ead6279e3c1ca7ede8e5c806c66ae0f216a03324dcb9b2f74d4cc2056a61afb9e8658145dbdd8a41fba5155e67fb0f3fa2f0f9344f648ffadc698a2b3a7893d3e8e8994a5429786197dd65b01ae6d503fd9c61f3f5f9b4f420f4e70479254016e78b7e1d031ec48bfa27d22769463431d18124109c61d9e744f10e143f62c7ffe678f3fd8a2a645b2b15a1dcc386ae8f63cad9ebde052d410c369019169f4839e6640ab76d0a023794c819c42030de3fb9482389c57ed402d956e151fb6e839ce62ab4b92943ca82c0a8956f59b75cd613fdc8cdd570ad9358eff03c3f9c9d94e656926beee61ada6d06880d8b23a47941231d04c90683fe9ea2edb12980b71fe516acf9e3631e81fa069323c77e8887df93afacb7f249307d368ce7f582ec98e4797b064b4fd93edc8f5b70f6c6798c38786e59f1eda3d244406d4391e8d527e40d671c6b92e4dda4c444d6e650e1dfa6d2f2bd7e0bdebb10e27b3a224c7de3e4520743e4d2016db11f9cdbe06569c98e10b52bb9b54a66850c4489f6d9b9efe301f41aebb02108925bb3ae53351ef72ffb6372860354823eda58ff248d0248e261ddec60ed9950a3b6630382ba49c3cabccb1fc48b135123f140034cfde003e1ff840ff554878de64c5222f5c5e3cd9aef3f87629eda4409a3771b3ee710edde8c5505d3523c9dfb0c48d040e933d543ff4ea70a86190019ca7aa12d3ab122e18ada282a9283c02c7f53d77c24e62b73fe93253bc42e30241430ee4a57365cdd249e3e40e0035f8e75110d8d9793e2bfbc13e490728e876ad01fa98b059d2ddd1b6595a3a898630f14f8a55a695c2e501cbeb3c909bff9ceb29537c2127ab4dc3814b339f6e855df9f46fc6dd5b66b7d2f1f4d030cb8db9d57dacfe428d098dc040f44058e02093d36fa815085e200ad387d74b4c8bbd65327ef4d75487f90d9a34178d6522ccf847a0989aa27bbb35eb3126c10d14ccea1add6d46509407bd8b81d78dcc18600ece71efc946d9fa0dd13179525be32d1f863b5300ae776d1d7572b58ee47dbdeae76c48ddc7694df2e28b3b3b9d2fdf26afab36160c1edd9d4aebacfd41175941f27a22c98f85a9707197c88f1ccac13b52464073d2fa519d5f60940e0363da950654e981b72336c98787a7c0ee871d0fbaf01a9dcda0a1bd2e34a7d05e5b6aff51faf399b3d794916bcf8b0a2a2b8466c66d05c5f6fc4a8d21398ad72923066c6712fb5e2294b6ef8965c319944bf958909ccd8b13961e0d196b85e9b52e237cc9134703f9a12470828ddbbc8a85c8c33d51bf38376dbd1d14403eb256419647302cf76e8073d6715e150342f2fd7bda3c11988daad39a0d03a1b107d452b447fc420c7517408237442c150b123430a75101214a6dc0354cf8c449bca98a275a2f0fc48a16ff49447f035688030c064551e1de7f305ebadce470bb82abd85799a1127e3b9f008eeb7a484f850809c11da05f007d6a56b2dcd98a9ca815fa9f5aa9ed0c7cbf6c3df273088c983faedebd9c1f3d07c7ff4fccd84c2b486ee129be3334bf006794e84f0b316f9bd96cd84c893b0c92be1f9b9cd36fc328748fa81619340b471516b0579cc356fe8197d402edabc5ac7d24865ca7e1ab06d6e85870adfdd6365d32b985e6e5c0586fa9333bbd15f0580ece798cd1858739f92ee5570a86a18ce74e42347b3290ff724df951c75c73223403700c9968db21790bd0573785c242a3fe20d5b00f875ae1325663187beed26f2b86ac8fffeae657056e0ea113e924eb7dfc9f918a7133de5b87ee816f975af8d7fbdc7c4613cc71d869b85ca7ee000b5a87c07c2e76dd65b3a8d1ab63c39f4db5437c7be43c7c9745dd62db6831695aca193b5dffe02650dbd48b587f007b367a37ac6cfa8bef8beedb731bbd10a299d3b8dfa5b0af4fce65f6357dc3ce2c9a95721c683d218217f4fa313e76495ae83f70c5939330a1683582e0dd8b45a1cfeeb14c5d4276c820c78f8dae02bce2ec47ee3d2501739b280681d860304725eec9cf1c57d189b1faea439ea980dda5dbc0c61e2def18c2371432bb16264e180c5b900c4c18e1026af87ff4d65ca470316da6ea6aa7e3f5ad9c03d7c0c7a7fc5af82bfc4af9f0f5053e1abf0d848d999b5d3936521b21bfe0e92101a627a40e695cc06c48b7da0e0eeabec2bd938d6a951f873d15b9f54accb4083d58b50c7cf682f7fc2bc223a2d9c0716ae88f1f3c197342982753679782d2bf685eb0b0098fb3191c35e6065c5ce5a389ca435d0367d1e46420244b6adb451d62810f47617562c22c11bce7a2a07e1da4921a97e0c73445a49130dc87bea22ca938568840f11f5fbbeebfd729ba721beac6ab40eb28c1fb807b5a48286bc8c8f547c20dcd1a9d614bfde10dfc3aa82e605021372817fa24fda7e00f51726097d65b57d531640c05abe6e0ea1f6b58d8322b12e2d8b1aea689a92a9dab1ac6fba03324e5bd5a3e199bdac3e001f0477306558cdac42ea8de344d1bc4998bcb7d50b56d15ddc9011c7be412fbb07f2672d1037df11b0df5c4487e04a8efe230a86dc3a3e009f64a0c6bc978e183115ceaf9f1040a7bd15c9ad6e3e28b654919d4b0eaeaff9cba1fe92bae11209e00ae609bd04b2b0133fc3157d7d8935c6f56c53af024ce92b0474b7bc45ff6e2851cd429cdc7bea5428af3ade006e829c2d4c8febfa8bb0ebe34604b7b27434c69d07768debb963f2f9671ba28f7a43db8fb0b71f88f3c6a12f8e26b5f2b5c49abc59e95b1ced01ae0b68ba8e40c3b7bb87a924dadfb90f5813cf10b538c80f0b5379bef4e10c9ee4103dbd246f6fedd8c0ceb6cb2d63f3eebe7332b6302061d56916a2357796eee3b5b69c6e2e5286200751f6e4083f7495413c2db3faf173a142d5cce9be3c6791434c1a3fc69e58ae3461f58997eee581645e4bb3c468d1cbe948b919d1988fb5f8f43dc26d5f6409fb955a12d253c3d919811bb3b1d1bab6c3709c8efd394705e1b022464568a84e946c0ac51c28adbf937eddb2214748e9a473533a402500adbb87a416aa494091073b8c7f2347e2a59fcebbb1d98ff50ec918a023e73f6a40dd2f15736559350225bac3f11dd3400fa909c4b1882bac20ae446706ddfcc900481013436d6e0c68abb2d1d50f96fd12c42ad4b143ebb10a45d6429eab70e2ec761fd924aaa4e501e7afa4df07d55f70918335b099f6e1a182f6f3184585b0f3c25e56b20e953c86888a9df816e31f4fe98614b04e0b59606d883b9e067753297f19f958794f36e54ded9fe2bc6677ee3b8faeae492263c01587f9f312e8d19f40717f63bcaff2204033949bd565c91a0266c9ad4a9a1ead2962ccaeb223a50dce69b127d64576aa03d32411e66f4db5d435e8ab47c51be4573d1130048682528a05d00030e36f8acd0b98a4174e1c31f3aedfaaa7044c07ff52702845b052514b5aca4b6cd7e9a686ac765f3c501d39bdcae3a697a9f25254b1b2f26da103e517324f5af0d8b2bc0b0ee3b1953c64c23399a6a93430a7f67b31d8309cd90f8d4181199aafafa9951980dc4d28d9ebaaa747efa68738555ee905f1edaba7f186b409f643905380d6219d6f38088423330d1cdca4e49bde7be5f3404763e686ceaff2fcfa26539978df5b75cc4c4e5fa89c7828a339875f4df9a2400de9d8e3c9fd3f319eaba68e3a5be2e315996d49c8cf13f1a327768adb64d39a7ea725fbbe155ebcea98253dc60515ce453d32dadbc34032a191850c98273f0d60bd06090d76aa219b669a79e418e8345ab598ee9313af8ca14e9e72aab8cb70557f13c9c517773dec6b647f9aec149844f2b47a703104cfa11a49b298eda9b4557da2a1386c4ea4fd1f0867de5662ad8232bd82cc155253a0304933ee12cf6061fa69603e1ac3f42767d42dc2879066d92e5d03a1e833519f241256e9cf36966f0383605a16d5e7c6cf7f5f24a8d1c840b8e074450966279ed3bd861196743fdd5f98226469c65641eec043845692830a39574fba9150329eaf864706b4af01b072047602bd4f967d5932d100045cbdad7d756c0b5acecf9e251fa8a75dd9e996fea205262572cfd4a365cb87d97c5da9d1309b1e4a98669d4aaee5c3cf730a8e4127a5aeaa883310230a5f4ca4806921594444b47d73759d01f22140ee25bf9d0586c3ac69085a112c6eada777507fcb60bb5fb97d4ad89caf7e10d1ed3332cae4de30efd2c23a55c827abfebb39a974be1c39c001c6649c1d0e5b6c55e53852079d4753f8a9ab697182b85491f7320bc229570ad6cfa69a6145e29e4d7bfddd2da5415b9f336751fab42a22171d0a3447f8e6f69337e89a503ca7255ba9dd924d3a31ddcf779c23d423e3239d93d61f0f5e8121d2811799d4dd5e68c79f299d817c6a5e51d69f3634cc25283b3692781faf68c6f3e3b798504a4fc097331b4ee145b7b6ea8f070d2466ad15cbd9406a2e181eabd7526d98fd6a677fd86a7329d0a9bbc36ff462cfe13c5dd34a08e3acab30056f1ea8a997f86b4eb4e11909969e62c1e09f24ddd3c42728039e3d90e75a4f41e75b37b7966ff0899613a6779ce33736e1d5924e0ee095772722485c15737c06bd40840f96112245395a4766a6eab7ff38a95ca7ee6d2cae5c9a7054f584aea5f3e86db89482ef5ba3d19874f54976546b718ac7b016bcffa5faa0cb4a93925317e9820c92333fe4188232fbea1ee063999cbcf7c65320f7eef11e3d06a8a6b4f4250f90921afcaa272c4e91e3ffdd3caa6be9cf15158012ce348259fe0713c4993bc20791cb61e9d9d1f7e5250486c052a55d39cd918f9d62a79131e4f5cd80059bff409024f131c98d1aaab334247ae832c549de40f8bb3f28111ecfeeb08928dfd77e900016b436489d8c137fbbc72808f5965d988c65b4d0775004830443b1b9619b8ec8a4a505943fbb76f601fcb4246decef20471732415d6005c185e66319a2948e9a88f3509b78ffccfb0d3439a1efe54447bd586dd409d5c92fd8dc48a0a8b98e5d40e7759b5e8e0e7310d67826b99461a2713d19a1d51ebe0b2cafdfa310ff8d47b68e5fa45c6625c3a2cedcd75818ec8355727b43725033b9f036c67980c98c2c667d4d05e3f1677ff82560968b5f7f68f82b1ac04f0769c9cd41f0fc9bd48b8a1120d312a29d1fbac31c30b9a6c896b31503b7b44d2931f30b9d8abbfda18b53b1066684c411ffdd287461b08f53f814ea484b40e90620bcfd21d2560cb38abd08cb08ed77c3d2e4f829aefeb2deead47ff1a71225986a2fbc2801c9ff3c8a7f3adca300252b01ccc9e90617778fd64cb80b573fae0ab0912705a128696089c459ee7f62be968b834b670b01060471f0b6157e1ce47c290c660c12524bb988f6c69c4dbc10fcd6c6db51af4ba6fa8b3b6d65ad88f1553892a1e082026eb7894504d960094ac1ec6536805c8b100cb922d36d3a200c3f32a46d5c1931f94a88b4e7b3b661043782a622103320e8dd017a9038c2ca860c5cd25cd5fb1390cb877e36d4037aaf93e13ae008f182589f792130d91f7be59a97faa4e8e051565f88003bd26251bfbba4dc66b9c03d5376faf181bfb86391a20d1199e94ebcf2a9875e96291225027de880a1345dfb4b331c0c4b1758d059851ae6fc22a457f6be859c03994887de2ebcbd6aa12eea2a0ae37c14f5780f79a3fd74b8146ec4290c852cc48ee53c5bae8f72e673b9d98d39c00b2a0553c6ec5384d423d93cd8ca7e845fcc0e26efd160e72a91b828123181576d1d39d7c53c9554f4a12a384c4feb824fc1ceb57c9a0510734b23a2fba26c447d1cb57011a8208422d29822a7bd2981b4606ae76cb246009f3ce2184bb5c5cf515b981ea9116b4f94fa698cf38d6b7df3f116bd545e0f69afed4155150177550e0c814d04d15b75fe0f38bb93ef8e7a4f1498b4a6e5de57a25031367cf72e29ba1004864eb8d423cce37e7ad878ce7de8085dd54c5ea46dda7f42c2c4da30088dc43e27e46f40defa96f23f5a2a527895a94d893976371d1215ebac8cf5997cf206317cc60d9bc22999db415d9164790c702a2a0555ad5e2247529bea874a13b54f7c110eafa983812875de5c7c8a78beb4e899766ac8e0eaec96dd52555746c77f53fc426ffd0834d3fe1f2fc6d07828052823e2308f3702a9664bbe8f5aeacd351f823cb1266d8358637be6633b775020b66654d24e9d01820494a7ea850a27d4022e0dda6b8cd5ed2b2296f5ce770677de09287452224e3335b31a374122078444eab4e7dfd9df86dda850c95576b75f6ea1117b5eef6a381d1c66d1c2cd6d43b91c76d609dbb94da4eb83998e75e9249bdd7603dbc3fbd436bb76432d495854848b154a53b3e38028a6e75e51769bfbe181d6c751ce11bdb36a006ddd94dc3519e540622157a1789b32eb23017530228f8f2c854bd6b3a5b1c6eba9f554bc37f69d195fb0355eabdbfa790f26757328c1efa712e04c1408623ddeafd8586472f98941a4ba6e93968219d77d7973d874fd4a47cc0f87a018abfeff6d95a0b44c92aac7b0e167f362faebf27ae573a9b69bd82eb493dc6e2a6e9c708e4cbf498ff90fbf876f18a231dfa575819673a7c4aba02e880ce7fae909c21f3e68a001ceb215b26285db9257d4fb478c3f73613a73c0b11e4cdefb074dfc63d55ace4f101c498e1f9f39801ea18a4eab857263ed5d62e194a19133c6f87fbc7f9ef0675020a8dac18bc237bf547d51985071d27b712ac4475ab15b5f7455e5a8efd7c7fea994418c3a2724c75b3543a5c7
Techniques (MITRE) (8)
Malware (3)
Others (2)
- Technology
- Telecommunications