{
  "name": "RondoDox v2: Evolution of RondoDox Botnet with 650% More Exploits",
  "slug": "rondodox-v2-evolution-of-rondodox-botnet-with-650-more-exploits",
  "description": "The RondoDox botnet has undergone a significant evolution, expanding its capabilities and target range. This new variant, RondoDox v2, demonstrates a 650% increase in exploitation vectors, moving beyond niche DVR targeting to include enterprise applications. Key features include over 75 exploitation vectors, new command and control infrastructure utilizing compromised residential IPs, enhanced obfuscation and persistence mechanisms, and an expanded ecosystem of targets. The botnet now employs a multi-architecture approach, supporting 16 different binary variants to maximize its reach across diverse device types.",
  "published": "2025-11-10T10:06:38+00:00",
  "created_at": "2025-11-10T10:06:38+00:00",
  "modified_at": "2025-11-10T10:56:57+00:00",
  "created_at_opencti": "2025-11-10T10:06:38+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-11-10",
    "CVE-2014-1635",
    "CVE-2014-6271",
    "CVE-2015-2051",
    "CVE-2016-6277",
    "CVE-2017-18368",
    "CVE-2017-18369",
    "CVE-2018-10561",
    "CVE-2018-11714",
    "CVE-2019-16920",
    "CVE-2020-10987",
    "CVE-2020-25506",
    "CVE-2020-27867",
    "CVE-2021-41773",
    "CVE-2021-42013",
    "CVE-2022-36553",
    "CVE-2022-37129",
    "CVE-2022-44149",
    "CVE-2023-1389",
    "CVE-2023-25280",
    "CVE-2023-26801",
    "CVE-2023-47565",
    "CVE-2023-51833",
    "CVE-2023-52163",
    "CVE-2024-10914",
    "CVE-2024-12847",
    "CVE-2024-12856",
    "CVE-2024-3721",
    "CVE-2024-7029",
    "CVE-2025-1829",
    "CVE-2025-22905",
    "CVE-2025-34037",
    "CVE-2025-4008",
    "CVE-2025-5504",
    "CVE-2025-7414",
    "botnet",
    "command injection",
    "ddos",
    "enterprise",
    "exploit",
    "iot",
    "multi-architecture",
    "obfuscation",
    "persistence",
    "rondodox"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "83.252.42.112"
      },
      {
        "id": "",
        "name": "38.59.219.27"
      },
      {
        "id": "",
        "name": "83.150.218.93"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.xcw.sh||busybox"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.xqe.sh|sh&echo"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.qre.sh||busybox"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.[variant].sh"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.[arch].sh]"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.[arch].sh"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.x86_64"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.sparc"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.powerpc-440fp"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.powerpc"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.mipsel"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.armv7l"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.armv6l"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.armv5l"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.armv4l"
      },
      {
        "id": "",
        "name": "http://74.194.191.52/rondo.arc700"
      },
      {
        "id": "",
        "name": "691e4ec280aaff33270f33a9bb48a3fc38e2bd91c7359e687e3f0bd682f20b54"
      }
    ],
    "malware": [
      {
        "id": "98732a5c-45de-4929-8c91-6eea6f8958db",
        "name": "RondoDox",
        "slug": "rondodox"
      }
    ],
    "intrusion_sets": [
      {
        "id": "d492cc74-cb84-4bb2-9620-1ac81822dba6",
        "name": "RondoDox",
        "slug": "rondodox"
      }
    ],
    "vulnerabilities": [
      {
        "id": "",
        "name": "CVE-2025-34037"
      },
      {
        "id": "",
        "name": "CVE-2022-37129"
      },
      {
        "id": "",
        "name": "CVE-2022-36553"
      },
      {
        "id": "",
        "name": "CVE-2020-27867"
      },
      {
        "id": "",
        "name": "CVE-2018-11714"
      },
      {
        "id": "",
        "name": "CVE-2017-18369"
      },
      {
        "id": "",
        "name": "CVE-2014-1635"
      },
      {
        "id": "",
        "name": "CVE-2025-4008"
      },
      {
        "id": "",
        "name": "CVE-2025-7414"
      },
      {
        "id": "",
        "name": "CVE-2025-5504"
      },
      {
        "id": "",
        "name": "CVE-2022-44149"
      },
      {
        "id": "",
        "name": "CVE-2025-1829"
      },
      {
        "id": "",
        "name": "CVE-2020-25506"
      },
      {
        "id": "",
        "name": "CVE-2023-52163"
      },
      {
        "id": "",
        "name": "CVE-2020-10987"
      },
      {
        "id": "",
        "name": "CVE-2023-47565"
      },
      {
        "id": "",
        "name": "CVE-2025-22905"
      },
      {
        "id": "",
        "name": "CVE-2024-12847"
      },
      {
        "id": "",
        "name": "CVE-2024-12856"
      },
      {
        "id": "",
        "name": "CVE-2024-10914"
      },
      {
        "id": "",
        "name": "CVE-2023-25280"
      },
      {
        "id": "",
        "name": "CVE-2024-7029"
      },
      {
        "id": "",
        "name": "CVE-2021-42013"
      },
      {
        "id": "",
        "name": "CVE-2014-6271"
      },
      {
        "id": "",
        "name": "CVE-2019-16920"
      },
      {
        "id": "",
        "name": "CVE-2016-6277"
      },
      {
        "id": "",
        "name": "CVE-2021-41773"
      },
      {
        "id": "",
        "name": "CVE-2017-18368"
      },
      {
        "id": "",
        "name": "CVE-2018-10561"
      },
      {
        "id": "",
        "name": "CVE-2015-2051"
      },
      {
        "id": "",
        "name": "CVE-2023-1389"
      },
      {
        "id": "",
        "name": "CVE-2023-26801"
      },
      {
        "id": "",
        "name": "CVE-2023-51833"
      },
      {
        "id": "",
        "name": "CVE-2024-3721"
      },
      {
        "id": "",
        "name": "CVE-2017-10271"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "New Zealand"
      },
      {
        "id": "",
        "name": "Technology"
      },
      {
        "id": "",
        "name": "Telecommunications"
      }
    ]
  },
  "external_refs": [
    "https://beelzebub.ai/blog/rondo-dox-v2/",
    "https://otx.alienvault.com/pulse/6911c73e9d8c6d03d8d71b34"
  ]
}