TTPwire Vol. 1 · MITRE ATT&CK·Tagged


Trend Micro Research

RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits

Peter Girnus · 2025-10-09

ATT&CK techniques detected

15 predictions
T1190 · Exploit Public-Facing Application · 94%
“…s and Four-Faith routers, through the exploitation of CVE-2024-3721 and CVE-2024-12856. More recently, RondoDox broadened its distribution by using a “loader-as-a-service” infrastructure that co-packages RondoDox with Mirai/Morte payloads — making detectio…”

T1190 · Exploit Public-Facing Application · 93%
“exploited in this campaign, helping organizations mitigate exposure while patching efforts are underway. The Trend Zero Day Initiative™ (ZDI) threat hunting and Trend™ Research teams have identified a significant RondoDox botnet campaign that targets a wide range of internet-…”

T1190 · Exploit Public-Facing Application · 81%
“CVE-2023-1389, targets the WAN interface of the TP-Link Archer AX21 Wi-Fi router. We previously reported on a Mirai campaign that exploited CVE-2023-1389 back in 2023, shortly after the Pwn2Own event. Vulnerabilities presented at our Pwn2Own consumer event continue to…”

T1587.004 · Exploits · 76%
“….A) - CVE-2018-10561 - VSAPI - Backdoor.Linux.MUHSTIK.A (Backdoor.Linux.MUHSTIK.A) - CVE-2018-10561 - VSAPI - Backdoor.Linux.MOMENTUMBOTNET.A (Backdoor.Linux.MOMENTUMBOTNET.A) - CVE-2018-10561 - VSAPI - Backdoor.Linux.KRASPLINT.A (Backdoor.Linux…”

T1190 · Exploit Public-Facing Application · 73%
“…E-2014-6271 - Shellshock SMTP Exploit - 1651 - CVE-2014-6271 - Shellshock POP3 Exploit - 1656 - CVE-2014-6271 - Shellshock DHCP Exploit - 2941 - Possible CVE-2019-1663 Cisco RV Routers Buffer Overflow Exploit - HTTP (Request) - 4251 - CVE-2019-16920 - D-…”

T1190 · Exploit Public-Facing Application · 65%
“-2024-3721 (TBK DVR) and CVE-2024-12856 (Four-Faith routers) to RondoDox activity, and a subset of the newly observed vulnerabilities was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, elevating them to immediate, high-priority patching targets…”

T1587.004 · Exploits · 60%
“A (Backdoor.Linux.TROPIMESBOT.A) - CVE-2015-2051 - VSAPI - Backdoor.Linux.BOTENAGO.A (Backdoor.Linux.BOTENAGO.A) - CVE-2015-2051 - VSAPI - Backdoor.Linux.HAKAI.B (Backdoor.Linux.HAKAI.B) - CVE-2020-25506 - VSAPI - Backdoor.Linux.ZEROBOT.A (Bac…”

T1059.004 · Unix Shell · 58%
“Vision One Endpoint Security, Trend Cloud One - Workload and Endpoint Security, Deep Security and Vulnerability Protection IPS rules - 1006256 - GNU Bash Remote Code Execution Vulnerability - 1006258 - GNU Bash Remote Code Execution Vulnerability Over DHCP - 1006259 - GNU Bash Re…”

T1587.004 · Exploits · 51%
“FROSTYMIRBOT.A) - CVE-2018-10561 - VSAPI - Backdoor.Linux.LOUDSCREAM.A (Backdoor.Linux.LOUDSCREAM.A) - CVE-2018-10561 - VSAPI - Backdoor.Linux.BUSYBOBOT.A (Backdoor.Linux.BUSYBOBOT.A) - CVE-2018-10561 - VSAPI - Backdoor.Linux.KATANA.A (Backdoor.…”

T1190 · Exploit Public-Facing Application · 50%
“…PS.A Runtime Detection - 44585 - HTTP: Worm.Linux.ARESMIRBOT.A Runtime Detection - 45104 - TCP: Trojan.Linux.MIRAI.AGIO Runtime Detection - 45234 - HTTP: D-Link NAS OS Command Injection Vulnerability - 45254 - IRC: Trojan.Linux.CAPSAICIN.A Runtime Detection - 45…”

T1190 · Exploit Public-Facing Application · 48%
“RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits Cyber Threats RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits Trend™ Research and ZDI threat hunters have identified a large-scale RondoDox botnet campaign exploiting over 50 vul…”

T1204.002 · Malicious File · 42%
“…door.Linux.ARESMIRBOT.A (Backdoor.Linux.ARESMIRBOT.A) - CVE-2015-2051 - VSAPI - Trojan-Downloader.Shell.GOLDOONPS.A (Trojan-Downloader.Shell.GOLDOONPS.A) - CVE-2015-2051 - VSAPI - Trojan.Linux.GOLDOON.A (Trojan.Linux.GOLDOON.A) - CVE-2015-…”

T1190 · Exploit Public-Facing Application · 41%
“Threat actors continue to weaponize both publicly disclosed vulnerabilities and zero-day exploits discovered at security competitions like Pwn2Own. The campaign’s shotgun approach of targeting more than 50 vulnerabilities across over 30 vendors underscores the persistent risk…”

T1190 · Exploit Public-Facing Application · 40%
“Runtime Detection - 36923 - TCP: Worm.Linux.MOMENTUMBOTNET.A Runtime Detection - 37015 - TCP: Trojan.Linux.MUHSTIK.A Runtime Detection - 37073 - HTTP: Worm.Linux.AYEWOABOT.A Runtime Detection - 37314 - HTTP: Trojan.Linux.KAGUYABOT.A Runtime Detection - 37462 - HTT…”

T1190 · Exploit Public-Facing Application · 32%
“…P: Linux/ShellshockCampaign.DDoSBot Terminate Process CnC Server Message - 26943 - IPP: CUPS Code Injection Vulnerability - 27492 - HTTP: Netgear Multiple Routers Command Injection Vulnerability - 31938 - HTTP: Dasan GPON Home Router Authentication Bypass Vulnerability -…”

Summary

Trend™ Research and ZDI Threat Hunters have identified a large-scale RondoDox botnet campaign exploiting over 50 vulnerabilities across more than 30 vendors, including flaws first seen in Pwn2Own contests.