RondoDox Unveiled: Breaking Down a New Botnet Threat
Essential information
- Published: 16/07/2025 16:10
- Modified: 16/07/2025 19:29
- Tags: 2025-07-16, CVE-2024-12856, CVE-2024-3721, botnet, ddos, evasion, linux, persistence, rondodox, traffic mimicry, vulnerabilities
- Related entities: 35 observables, 11 techniques (MITRE)
Description
A new botnet called RondoDox has been discovered, exploiting two high-risk vulnerabilities: CVE-2024-3721 and CVE-2024-12856. It targets Linux-based systems on various architectures, including ARM and MIPS. RondoDox uses sophisticated evasion techniques, such as XOR-encoded configuration data, custom libraries, and traffic mimicry to avoid detection. The malware implements multiple persistence methods, terminates specific processes, and renames system executables to disrupt critical functions. It can launch DDoS attacks using HTTP, UDP, and TCP protocols while disguising traffic as popular games and platforms. The botnet's C2 server has been identified, and it poses a significant threat due to its advanced capabilities and ongoing development.
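The description names XOR-encoded configuration data as one of the evasion techniques. The analyst's counter to that is key recovery followed by decoding, and the following Python is an added example of that workflow; it is not code from the report or from the malware. It assumes a single-byte XOR key (the page does not state the key length used by RondoDox) and a constructed key=value style config; the sample blob, its key (0x5A) and the field names are invented for the demo and do not describe RondoDox's real configuration format. The scoring deliberately goes beyond "is the output printable", because several wrong single-byte keys turn a short text blob into other fully printable text.

```python
"""Recovering a single-byte XOR-encoded configuration blob (added example)."""
from typing import Dict, List, Tuple

# Constructed sample: a toy botnet-style config, XOR-encoded with a key chosen
# for this demo. Neither the format nor the key come from RondoDox samples.
SAMPLE_PLAINTEXT = b"c2=203.0.113.10:443\nmimic=game-udp\npersist=cron\n"
SAMPLE_KEY = 0x5A
SAMPLE_ENCODED = bytes(b ^ SAMPLE_KEY for b in SAMPLE_PLAINTEXT)

# Bytes that may appear in a sane text config at all (letters, digits,
# ASCII punctuation, space, tab, CR, LF); anything else disqualifies a key.
_ALLOWED = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}
# Bytes that are typical of key=value configs and earn one point each.
_REWARDED = set(b"abcdefghijklmnopqrstuvwxyz0123456789 \n=.:-/_")


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte of data with a single-byte key."""
    return bytes(b ^ key for b in data)


def score_plaintext(candidate: bytes) -> int:
    """Return -1 if the candidate contains non-text bytes, otherwise the number
    of bytes that look like config text. Printability alone is not enough:
    several wrong keys produce fully printable junk, so the score counts the
    character classes a config actually uses."""
    if any(b not in _ALLOWED for b in candidate):
        return -1
    return sum(1 for b in candidate if b in _REWARDED)


def rank_keys(data: bytes) -> List[Tuple[int, int]]:
    """Try all 256 single-byte keys; return (score, key) pairs, best first,
    excluding keys whose output contains non-text bytes."""
    scored = [(score_plaintext(xor_bytes(data, k)), k) for k in range(256)]
    scored = [(s, k) for s, k in scored if s >= 0]
    scored.sort(key=lambda t: (-t[0], t[1]))
    return scored


def best_key(data: bytes) -> int:
    """Highest-scoring key, or -1 if no key decodes the blob to text."""
    ranked = rank_keys(data)
    return ranked[0][1] if ranked else -1


def parse_config(text: bytes) -> Dict[str, str]:
    """Parse 'key=value' lines into a dict; lines without '=' are ignored."""
    result: Dict[str, str] = {}
    for line in text.decode("ascii", errors="replace").splitlines():
        if "=" in line:
            k, v = line.split("=", 1)
            result[k.strip()] = v.strip()
    return result


def decode_config(blob: bytes) -> Dict[str, str]:
    """End-to-end: recover the key, decode the blob, parse the fields."""
    key = best_key(blob)
    if key < 0:
        return {}
    return parse_config(xor_bytes(blob, key))


if __name__ == "__main__":
    recovered = best_key(SAMPLE_ENCODED)
    print(f"recovered key: 0x{recovered:02x}")
    print(decode_config(SAMPLE_ENCODED))
```

On a real sample the blob would be carved from the binary's data section and the scoring sets adjusted to whatever character set the strings are expected to use; a multi-byte key needs a per-position variant of the same search, which this example does not implement.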