Pulse Detail — Threat Intelligence

PULSE NAME

RondoDox v2: Evolution of RondoDox Botnet with 650% More Exploits

WHITE RondoDox AlienVault 2025-11-10 Modified: 2025-12-10

IOCs

HIGH VOLUME

The RondoDox botnet has undergone a significant evolution, expanding its capabilities and target range. This new variant, RondoDox v2, demonstrates a 650% increase in exploitation vectors, moving beyond niche DVR targeting to include enterprise applications. Key features include over 75 exploitation vectors, new command and control infrastructure utilizing compromised residential IPs, enhanced obfuscation and persistence mechanisms, and an expanded ecosystem of targets. The botnet now employs a multi-architecture approach, supporting 16 different binary variants to maximize its reach across diverse device types.

MITRE ATT&CK & Malware Families

MALWARE FAMILIES

RondoDox

Indicators of Compromise (54)

All CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL

TYPE	INDICATOR	DESCRIPTION	CREATED
CVE	CVE-2014-1635	—	2025-11-10
CVE	CVE-2014-6271	—	2025-11-10
CVE	CVE-2015-2051	—	2025-11-10
CVE	CVE-2016-6277	—	2025-11-10
CVE	CVE-2017-10271	—	2025-11-10
CVE	CVE-2017-18368	—	2025-11-10
CVE	CVE-2017-18369	—	2025-11-10
CVE	CVE-2018-10561	—	2025-11-10
CVE	CVE-2018-11714	—	2025-11-10
CVE	CVE-2019-16920	—	2025-11-10
CVE	CVE-2020-10987	—	2025-11-10
CVE	CVE-2020-25506	—	2025-11-10
CVE	CVE-2020-27867	—	2025-11-10
CVE	CVE-2021-41773	—	2025-11-10
CVE	CVE-2021-42013	—	2025-11-10
CVE	CVE-2022-36553	—	2025-11-10
CVE	CVE-2022-37129	—	2025-11-10
CVE	CVE-2022-44149	—	2025-11-10
CVE	CVE-2023-1389	—	2025-11-10
CVE	CVE-2023-25280	—	2025-11-10
CVE	CVE-2023-26801	—	2025-11-10
CVE	CVE-2023-47565	—	2025-11-10
CVE	CVE-2023-51833	—	2025-11-10
CVE	CVE-2023-52163	—	2025-11-10
CVE	CVE-2024-10914	—	2025-11-10
CVE	CVE-2024-12847	—	2025-11-10
CVE	CVE-2024-12856	—	2025-11-10
CVE	CVE-2024-3721	—	2025-11-10
CVE	CVE-2024-7029	—	2025-11-10
CVE	CVE-2025-1829	—	2025-11-10
CVE	CVE-2025-22905	—	2025-11-10
CVE	CVE-2025-34037	—	2025-11-10
CVE	CVE-2025-4008	—	2025-11-10
CVE	CVE-2025-5504	—	2025-11-10
CVE	CVE-2025-7414	—	2025-11-10
FileHash-MD5	0d54448fe3c9b048c6d48c6ee2f6f936	—	2025-11-10
FileHash-SHA1	aa13e8e1bda39dd665cdf1edb0261b364e53c731	—	2025-11-10
FileHash-SHA256	691e4ec280aaff33270f33a9bb48a3fc38e2bd91c7359e687e3f0bd682f20b54	—	2025-11-10
URL	http://74.194.191.52/rondo.[arch].sh	—	2025-11-10
URL	http://74.194.191.52/rondo.[arch].sh]	—	2025-11-10
URL	http://74.194.191.52/rondo.[variant].sh	—	2025-11-10
URL	http://74.194.191.52/rondo.arc700	—	2025-11-10
URL	http://74.194.191.52/rondo.armv4l	—	2025-11-10
URL	http://74.194.191.52/rondo.armv5l	—	2025-11-10
URL	http://74.194.191.52/rondo.armv6l	—	2025-11-10
URL	http://74.194.191.52/rondo.armv7l	—	2025-11-10
URL	http://74.194.191.52/rondo.mipsel	—	2025-11-10
URL	http://74.194.191.52/rondo.powerpc	—	2025-11-10
URL	http://74.194.191.52/rondo.powerpc-440fp	—	2025-11-10
URL	http://74.194.191.52/rondo.qre.sh\|\|busybox	—	2025-11-10
URL	http://74.194.191.52/rondo.sparc	—	2025-11-10
URL	http://74.194.191.52/rondo.x86_64	—	2025-11-10
URL	http://74.194.191.52/rondo.xcw.sh\|\|busybox	—	2025-11-10
URL	http://74.194.191.52/rondo.xqe.sh\|sh&echo	—	2025-11-10

References (1)

↗ https://beelzebub.ai/blog/rondo-dox-v2/