Intel Name: RondoDox unveiled: breaking down a new botnet threat
Date of Scan: July 4, 2025
Impact: Medium
Summary: Over the past month, there has been a noticeable surge in scanning activity linked to a new botnet campaign exploiting two high-risk vulnerabilities: CVE-2024-3721 and CVE-2024-12856. Both vulnerabilities have been publicly disclosed and are being actively targeted, posing serious threats to device security and overall network stability. The botnet behind these attacks, dubbed RondoDox, is a relatively new and low-profile threat compared to better-known variants like Mirai or Gafgyt. A similar ELF binary was first observed in September 2024. Notably, RondoDox uses custom libraries and mimics traffic patterns from gaming platforms or VPN services to avoid detection.