{
  "name": "From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits",
  "slug": "from-targeting-pwn2own-vulnerabilities-to-shotgunning-exploits",
  "description": "A large-scale RondoDox botnet campaign has been identified, exploiting over 50 vulnerabilities across more than 30 vendors. The campaign targets internet-exposed infrastructure, including routers, DVRs, NVRs, CCTV systems, and web servers. It began with exploiting a vulnerability from Pwn2Own Toronto 2022 and has since expanded its arsenal. The campaign uses an 'exploit shotgun' approach, attempting multiple exploits simultaneously. Organizations are at risk of data exfiltration, persistent network compromise, and operational disruption. Prioritizing patching, conducting regular vulnerability assessments, segmenting networks, and continuous monitoring are recommended as proactive security measures.",
  "published": "2025-10-10T00:11:33+00:00",
  "created_at": "2025-10-10T00:11:33+00:00",
  "modified_at": "2025-10-10T07:07:59+00:00",
  "created_at_opencti": "2025-10-10T00:11:33+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-10-10",
    "CVE-2023-1389",
    "CVE-2024-12856",
    "CVE-2024-3721",
    "pwn2own",
    "rondodox"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "45.8.145.203"
      },
      {
        "id": "",
        "name": "169.255.72.169"
      },
      {
        "id": "",
        "name": "14.103.145.212"
      },
      {
        "id": "",
        "name": "83.252.42.112"
      },
      {
        "id": "",
        "name": "38.59.219.27"
      },
      {
        "id": "",
        "name": "74.194.191.52"
      },
      {
        "id": "",
        "name": "154.91.254.95"
      },
      {
        "id": "",
        "name": "14.103.145.211"
      },
      {
        "id": "",
        "name": "http://83.252.42.112/rondo.x86_64"
      },
      {
        "id": "",
        "name": "http://83.252.42.112/rondo.sparc"
      },
      {
        "id": "",
        "name": "http://83.252.42.112/rondo.powerpc-440fp"
      },
      {
        "id": "",
        "name": "http://83.252.42.112/rondo.sh4"
      },
      {
        "id": "",
        "name": "http://83.252.42.112/rondo.powerpc"
      },
      {
        "id": "",
        "name": "http://83.252.42.112/rondo.mipsel"
      },
      {
        "id": "",
        "name": "http://83.252.42.112/rondo.mips"
      },
      {
        "id": "",
        "name": "http://83.252.42.112/rondo.m68k"
      },
      {
        "id": "",
        "name": "http://83.252.42.112/rondo.lol"
      },
      {
        "id": "",
        "name": "http://83.252.42.112/rondo.i686"
      },
      {
        "id": "",
        "name": "http://83.252.42.112/rondo.i586"
      },
      {
        "id": "",
        "name": "http://83.252.42.112/rondo.i486"
      },
      {
        "id": "",
        "name": "http://83.252.42.112/rondo.fbsdpowerpc"
      },
      {
        "id": "",
        "name": "http://83.252.42.112/rondo.fbsdi386"
      },
      {
        "id": "",
        "name": "http://83.252.42.112/rondo.fbsdarm64"
      },
      {
        "id": "",
        "name": "http://83.252.42.112/rondo.fbsdamd64"
      },
      {
        "id": "",
        "name": "http://83.252.42.112/rondo.armv7l"
      },
      {
        "id": "",
        "name": "http://83.252.42.112/rondo.armv6l"
      },
      {
        "id": "",
        "name": "http://83.252.42.112/rondo.armv4l"
      },
      {
        "id": "",
        "name": "http://83.252.42.112/rondo.armv5l"
      },
      {
        "id": "",
        "name": "http://83.252.42.112/rondo.arc700"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.x86_64"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.sparc"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.sh4"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.powerpc-440fp"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.powerpc"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.mipsel"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.mips"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.m68k"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.lol"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.i686"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.i586"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.i486"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.fbsdpowerpc"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.fbsdi386"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.fbsdarm64"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.fbsdamd64"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.armv7l"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.armv6l"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.armv5l"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.armv4l"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.armebhf"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.armeb"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.arc700"
      },
      {
        "id": "",
        "name": "http://14.103.145.202/rondo."
      },
      {
        "id": "",
        "name": "f5fbe6915ab7a82654d99562950619b5edaf995528fb2731dd05a8a4246bea89"
      },
      {
        "id": "",
        "name": "ebe51f66b2aa42396427b187ae9db031b2bdc91f7b48143f81c439c3c11ef14b"
      },
      {
        "id": "",
        "name": "c2be84ecfdb2970f2fa2e4c0e1f4e8eb39b17ee271838490ff847900e8a88fa7"
      },
      {
        "id": "",
        "name": "b05278dcd9f975eb202ce08185ec834f5703e476fa2ab421b62f5418ad6d6789"
      },
      {
        "id": "",
        "name": "80947823295dfcb0abcce6c092df506050a6dc90b45538cea594dd27cad45709"
      },
      {
        "id": "",
        "name": "24b96599749041fd127bd839acea3fc709fdb50ca0b15edd47eb5d1b34936349"
      },
      {
        "id": "",
        "name": "160036783c4e7be0a1c9032ec876d47f8b898a0555af4e5fff2ee19a189dfd49"
      },
      {
        "id": "",
        "name": "08beb97841e761dd8e34d677d1ed6164a259b9ada3c8e4c26e2b25d47011bfd9"
      },
      {
        "id": "",
        "name": "01ae333d518131775dfd3ab76832cb4796cda88630ba7b4b9ce2446ec9192b39"
      },
      {
        "id": "",
        "name": "cd84c2b486ee129be3334bf006794e84f0b316f9bd96cd84c893b0c92be1f9b9"
      },
      {
        "id": "",
        "name": "c7c4613cc71d869b85ca7ee000b5a87c07c2e76dd65b3a8d1ab63c39f4db5437"
      },
      {
        "id": "",
        "name": "bfde10dfc3aa82e605021372817fa24fda7e00f51726097d65b57d531640c05a"
      },
      {
        "id": "",
        "name": "a93430a7f67b31d8309cd90f8d4181199aafafa9951980dc4d28d9ebaaa747ef"
      },
      {
        "id": "",
        "name": "a11a49b298eda9b4557da2a1386c4ea4fd1f0867de5662ad8232bd82cc155253"
      },
      {
        "id": "",
        "name": "6a77842da45c4f0668ff880e129ffbce8e7980ea73fd10bd66124133bed88aff"
      },
      {
        "id": "",
        "name": "24457ee666362a72a3af8267655413ea26b3a05df6e768b467bdfa5fefbaa14c"
      },
      {
        "id": "",
        "name": "1cfed5e3963fd22823a63fe44ba533a014dff9528b44c9c2b620c81963d595ce"
      },
      {
        "id": "",
        "name": "104a156bcf995c35c09ffd27aef713d6d14265e3852fc7184ba046d097a6099e"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:93eb97eb694d55c7",
        "name": "Morte",
        "slug": "morte"
      },
      {
        "id": "legacy:malware:a7e1a2d6a1cfd5a9",
        "name": "RondoDox",
        "slug": "rondodox"
      },
      {
        "id": "5fdcf97f-0489-477b-a5df-c662e5fc5579",
        "name": "Mirai",
        "slug": "mirai"
      }
    ],
    "intrusion_sets": [
      {
        "id": "d492cc74-cb84-4bb2-9620-1ac81822dba6",
        "name": "RondoDox",
        "slug": "rondodox"
      }
    ],
    "attack_patterns": [
      {
        "id": "16e26db7-7376-40c1-b8a9-23d56c44f7ee",
        "name": "T1571"
      },
      {
        "id": "7911f1c3-e86b-4e33-afea-9a054b0295dc",
        "name": "T1222"
      },
      {
        "id": "1e1b6cb4-44b5-4e17-b267-bcb104acb1d4",
        "name": "T1546"
      },
      {
        "id": "6e4e21cc-92cf-4564-920e-d509bd22fd40",
        "name": "T1574"
      },
      {
        "id": "60972cf6-e90b-4600-af3c-13c468391d9c",
        "name": "T1106"
      },
      {
        "id": "70616b2f-4019-4963-b758-5d9f6f20e201",
        "name": "T1082"
      },
      {
        "id": "45082a8e-9c79-470e-ad1b-decac7188e8f",
        "name": "T1083"
      },
      {
        "id": "67c697ce-a6cc-475f-9bee-e14c1bef7067",
        "name": "T1047"
      },
      {
        "id": "33962583-7396-47ef-913d-1db78d6685c9",
        "name": "T1569"
      },
      {
        "id": "820fbdf8-7db2-4292-9a60-7eed3567be8d",
        "name": "T1210"
      },
      {
        "id": "6c8f8a40-2746-4a37-86bd-81e82afa6e62",
        "name": "T1190"
      },
      {
        "id": "b9eab970-53dd-4977-9a26-c4fe566e422d",
        "name": "T1133"
      },
      {
        "id": "6a495275-5433-4b64-90e5-18b9f07296da",
        "name": "T1072"
      },
      {
        "id": "64cdebc9-0fb4-48f2-bf4f-b87f3741f664",
        "name": "T1068"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ]
  },
  "external_refs": [
    "https://www.trendmicro.com/en_us/research/25/j/rondodox.html",
    "https://otx.alienvault.com/pulse/68e86b551440846b11a598a1"
  ]
}