From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits
Oct. 10, 2025, 9:07 a.m.
Description
A large-scale RondoDox botnet campaign has been identified, exploiting over 50 vulnerabilities across more than 30 vendors. The campaign targets internet-exposed infrastructure, including routers, DVRs, NVRs, CCTV systems, and web servers. It began with exploiting a vulnerability from Pwn2Own Toronto 2022 and has since expanded its arsenal. The campaign uses an 'exploit shotgun' approach, attempting multiple exploits simultaneously. Organizations are at risk of data exfiltration, persistent network compromise, and operational disruption. Prioritizing patching, conducting regular vulnerability assessments, segmenting networks, and continuous monitoring are recommended as proactive security measures.
Tags
Date
- Created: Oct. 10, 2025, 2:11 a.m.
- Published: Oct. 10, 2025, 2:11 a.m.
- Modified: Oct. 10, 2025, 9:07 a.m.
Indicators
- f5fbe6915ab7a82654d99562950619b5edaf995528fb2731dd05a8a4246bea89
- ebe51f66b2aa42396427b187ae9db031b2bdc91f7b48143f81c439c3c11ef14b
- c2be84ecfdb2970f2fa2e4c0e1f4e8eb39b17ee271838490ff847900e8a88fa7
- b05278dcd9f975eb202ce08185ec834f5703e476fa2ab421b62f5418ad6d6789
- 80947823295dfcb0abcce6c092df506050a6dc90b45538cea594dd27cad45709
- 24b96599749041fd127bd839acea3fc709fdb50ca0b15edd47eb5d1b34936349
- 160036783c4e7be0a1c9032ec876d47f8b898a0555af4e5fff2ee19a189dfd49
- 08beb97841e761dd8e34d677d1ed6164a259b9ada3c8e4c26e2b25d47011bfd9
- 01ae333d518131775dfd3ab76832cb4796cda88630ba7b4b9ce2446ec9192b39
- cd84c2b486ee129be3334bf006794e84f0b316f9bd96cd84c893b0c92be1f9b9
- c7c4613cc71d869b85ca7ee000b5a87c07c2e76dd65b3a8d1ab63c39f4db5437
- bfde10dfc3aa82e605021372817fa24fda7e00f51726097d65b57d531640c05a
- a93430a7f67b31d8309cd90f8d4181199aafafa9951980dc4d28d9ebaaa747ef
- a11a49b298eda9b4557da2a1386c4ea4fd1f0867de5662ad8232bd82cc155253
- 6a77842da45c4f0668ff880e129ffbce8e7980ea73fd10bd66124133bed88aff
- 24457ee666362a72a3af8267655413ea26b3a05df6e768b467bdfa5fefbaa14c
- 1cfed5e3963fd22823a63fe44ba533a014dff9528b44c9c2b620c81963d595ce
- 104a156bcf995c35c09ffd27aef713d6d14265e3852fc7184ba046d097a6099e
- 45.8.145.203
- 169.255.72.169
- 14.103.145.212
- 83.252.42.112
- 38.59.219.27
- 74.194.191.52
- 154.91.254.95
- 14.103.145.211
- http://83.252.42.112/rondo.x86_64
- http://83.252.42.112/rondo.sparc
- http://83.252.42.112/rondo.powerpc-440fp
- http://83.252.42.112/rondo.sh4
- http://83.252.42.112/rondo.powerpc
- http://83.252.42.112/rondo.mipsel
- http://83.252.42.112/rondo.mips
- http://83.252.42.112/rondo.m68k
- http://83.252.42.112/rondo.lol
- http://83.252.42.112/rondo.i686
- http://83.252.42.112/rondo.i586
- http://83.252.42.112/rondo.i486
- http://83.252.42.112/rondo.fbsdpowerpc
- http://83.252.42.112/rondo.fbsdi386
- http://83.252.42.112/rondo.fbsdarm64
- http://83.252.42.112/rondo.fbsdamd64
- http://83.252.42.112/rondo.armv7l
- http://83.252.42.112/rondo.armv6l
- http://83.252.42.112/rondo.armv4l
- http://83.252.42.112/rondo.armv5l
- http://83.252.42.112/rondo.arc700
- http://74.194.191.52/rondo.x86_64
- http://74.194.191.52/rondo.sparc
- http://74.194.191.52/rondo.sh4
- http://74.194.191.52/rondo.powerpc-440fp
- http://74.194.191.52/rondo.powerpc
- http://74.194.191.52/rondo.mipsel
- http://74.194.191.52/rondo.mips
- http://74.194.191.52/rondo.m68k
- http://74.194.191.52/rondo.lol
- http://74.194.191.52/rondo.i686
- http://74.194.191.52/rondo.i586
- http://74.194.191.52/rondo.i486
- http://74.194.191.52/rondo.fbsdpowerpc
- http://74.194.191.52/rondo.fbsdi386
- http://74.194.191.52/rondo.fbsdarm64
- http://74.194.191.52/rondo.fbsdamd64
- http://74.194.191.52/rondo.armv7l
- http://74.194.191.52/rondo.armv6l
- http://74.194.191.52/rondo.armv5l
- http://74.194.191.52/rondo.armv4l
- http://74.194.191.52/rondo.armebhf
- http://74.194.191.52/rondo.armeb
- http://74.194.191.52/rondo.arc700
- http://14.103.145.202/rondo.