
RondoDox Unveiled: Breaking Down a New Botnet Threat

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

A new botnet called RondoDox has been discovered exploiting two high-risk vulnerabilities, CVE-2024-3721 and CVE-2024-12856. It targets Linux-based systems across multiple architectures, including ARM and MIPS. RondoDox uses evasion techniques such as XOR-encoded configuration data, custom libraries, and traffic mimicry to avoid detection. The malware implements multiple persistence methods, terminates specific processes, and renames system executables to disrupt critical functions. It can launch DDoS attacks over HTTP, UDP, and TCP while disguising its traffic as that of popular games and platforms. The botnet's C2 server has been identified, and the malware poses a significant threat because of its advanced capabilities and ongoing development.

OPENCTI LABELS:

linux,botnet,vulnerabilities,evasion,ddos,persistence,cve-2024-12856,cve-2024-3721,traffic mimicry,rondodox
