{
  "Event": {
    "analysis": "1",
    "date": "2026-03-11",
    "extends_uuid": "",
    "info": "[Threat Intel] RondoDox Botnet: From Zero to 174 Exploited Vulnerabilities",
    "protected": false,
    "publish_timestamp": "1774048938",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1774048937",
    "uuid": "e7814720-c708-4466-ab36-c2fc64cdb26a",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#b7042e",
        "local": false,
        "name": "misp-galaxy:producer=\"Bitsight\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#f8140a",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Windows Management Instrumentation - T1047\"",
        "relationship_type": ""
      },
      {
        "colour": "#fb3bcd",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Gather Victim Host Information - T1592\"",
        "relationship_type": ""
      },
      {
        "colour": "#9feaf0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"",
        "relationship_type": ""
      },
      {
        "colour": "#657ac3",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Protocol Tunneling - T1572\"",
        "relationship_type": ""
      },
      {
        "colour": "#866c0c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Active Scanning - T1595\"",
        "relationship_type": ""
      },
      {
        "colour": "#4715ea",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Launchctl - T1569.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#9e0269",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"",
        "relationship_type": ""
      },
      {
        "colour": "#6fe7f4",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Tool - T1588.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#7628f7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Unix Shell - T1059.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#59699c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"",
        "relationship_type": ""
      },
      {
        "colour": "#f07d7c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Non-Standard Port - T1571\"",
        "relationship_type": ""
      },
      {
        "colour": "#356c41",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"",
        "relationship_type": ""
      },
      {
        "colour": "#57b2ae",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Resource Hijacking - T1496\"",
        "relationship_type": ""
      },
      {
        "colour": "#37ffb5",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Network Denial of Service - T1498\"",
        "relationship_type": ""
      },
      {
        "colour": "#4c0fbb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
        "relationship_type": ""
      },
      {
        "colour": "#370063",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Remote Desktop Protocol - T1021.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"vulnerability\"",
        "relationship_type": ""
      },
      {
        "colour": "#120046",
        "local": false,
        "name": "rectifyq:sub-category=\"infra-profile\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#1a0065",
        "local": false,
        "name": "rectifyq:topic=\"crypto-related\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773658836",
        "to_ids": false,
        "type": "link",
        "uuid": "707d7024-64e2-4355-80ea-df85910cb80b",
        "value": "https://www.bitsight.com/blog/rondodox-botnet-infrastructure-analysis"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773658836",
        "to_ids": false,
        "type": "text",
        "uuid": "0518877d-7470-4f54-b054-da98ee5ee01f",
        "value": "The RondoDox botnet has emerged as a significant threat, exploiting 174 different vulnerabilities since May 2025. It primarily targets IoT devices and internet-exposed services, compromising them for use in DoS attacks. The botnet's infrastructure includes exploitation and hosting components, with evidence suggesting the use of compromised residential IPs. RondoDox's operators have shown a rapid adoption of newly disclosed vulnerabilities, sometimes exploiting them within days of publication. The botnet's evolution includes a shift from a shotgun approach using numerous exploits to a more focused strategy targeting recent, critical vulnerabilities. The malware shares similarities with Mirai but focuses solely on DoS attacks. This threat highlights the importance of exposure management in cybersecurity."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773658836",
        "to_ids": false,
        "type": "text",
        "uuid": "48933764-b22a-4e3e-8d9d-e374cd3e198c",
        "value": "Name: RondoDox Botnet: From Zero to 174 Exploited Vulnerabilities\nAuthor: AlienVault\nAdversary: RondoDox\nTags: [\"ddos\", \"xmrig\", \"botnet\", \"vulnerability exploitation\", \"rondodox\", \"iot\"]\nTgtd countries: []\nMlwr families: [\"RondoDox\", \"XMRig\"]\nAttack_ids: [\"T1047\", \"T1592\", \"T1190\", \"T1572\", \"T1595\", \"T1569.001\", \"T1102\", \"T1588.002\", \"T1059.004\", \"T1078\", \"T1571\", \"T1573\", \"T1496\", \"T1498\", \"T1105\", \"T1021.001\"]\nIndustries: []"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773658836",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "6193116e-46d0-445b-8721-5a506c939c1d",
        "value": "RondoDox"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032104",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "53553502-2c43-4073-8331-99cdb2ed0653",
        "value": "83.150.218.93",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032126",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "e11e8032-e14e-49a3-88a9-a20849fd634a",
        "value": "87.121.84.31",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032147",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "bf6c0147-04e1-40ce-8c38-d322efeb66a3",
        "value": "87.121.84.75",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032177",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "6c352f8c-4ddf-49ad-be82-87500f930380",
        "value": "14.103.145.202",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032199",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "a05b2b7e-d827-435d-b21e-811bad63fa22",
        "value": "14.103.145.211",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032221",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "fd89091d-1eeb-41bb-b8e3-44ca05746fda",
        "value": "192.183.232.142",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032242",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "8aa7cd61-d296-42f9-9d13-c70803280d64",
        "value": "37.32.15.8",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032264",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "7d646d11-08f7-44a7-8f87-0c736b3b4fb4",
        "value": "38.59.219.27",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032285",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "239780ad-6ed4-4821-ab06-a3e4f9ab61e4",
        "value": "41.231.37.153",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032307",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "7728271c-2679-4ee2-bc9d-5f33b2e0c0b5",
        "value": "74.194.191.52",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032328",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "63a8ed65-bb65-4cf2-a4d6-8357bd575e13",
        "value": "99.241.94.234",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773658836",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "8c474ca2-eeab-4f4e-ae84-48329563b658",
        "value": "CVE-2023-46604"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773658836",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "fd765cb3-7e10-4993-a235-cbc6fc999e72",
        "value": "CVE-2025-20281"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773658836",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "97889fdb-bbe7-462f-8787-ae060e35765d",
        "value": "CVE-2025-24016"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773658836",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "453c386b-2f0a-4d93-802c-ab9cf8b38059",
        "value": "CVE-2025-24893"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773658836",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "6d9e1ffc-35f8-499b-b5fa-732d5bce2a0b",
        "value": "CVE-2025-32756"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773658836",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "cc4736c4-0de7-4037-bb7e-42a478f43ad3",
        "value": "CVE-2025-37164"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773658836",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "cf10f5bf-d505-478c-9d62-1979c9e9d073",
        "value": "CVE-2025-47812"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773658836",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "c6e55f9a-543d-4b04-989a-854a2d37c6da",
        "value": "CVE-2025-48827"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773658836",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "e298ee63-30d3-4323-9698-8d7779b8c2db",
        "value": "CVE-2025-52089"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773658836",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "94129ba4-215e-4733-8cb2-b43cea88eaf1",
        "value": "CVE-2025-55182"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773658836",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "fc88f20c-23c3-45a0-9a12-06c89421c511",
        "value": "CVE-2025-57296"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773658836",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "8ac50477-ee4f-417b-8374-c24cdc99ecc8",
        "value": "CVE-2025-62593"
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal\r\nLast check: 21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028177",
        "to_ids": true,
        "type": "sha256",
        "uuid": "e9f4aecf-e750-4d97-bbd5-43d53744815f",
        "value": "ce6375a4077edaf2f83847e3cefd8eb9535da249806d3214b22a0d50891c7b4c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032349",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "971e26bc-2d11-431b-af7a-fbfed515ebd6",
        "value": "154.91.254.95",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032370",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "b604b68d-0916-4bf3-93a1-d759629a76e6",
        "value": "169.255.72.169",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032392",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "2e8313bd-1f57-4a0e-aeb9-d0a3d5888170",
        "value": "192.159.99.95",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032414",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "17f39bc3-51e6-4b20-b772-337466a61487",
        "value": "192.253.248.5",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032435",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "fe6dd783-33a1-494a-9fcc-2fe5fc0c6764",
        "value": "23.228.188.126",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032456",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "c488135e-1348-4e58-97c9-03bf1e9be8d2",
        "value": "45.125.66.100",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032478",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "e441ac5c-c017-467f-bd81-683024ae3c78",
        "value": "45.135.194.11",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032499",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "fcbf52c9-8f18-40e1-99bd-2029d4c35c85",
        "value": "45.135.194.32",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032520",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "ba240e59-43d7-4710-9809-1c17d15312b8",
        "value": "45.135.194.34",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032542",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "e1f00ed9-d180-49b7-80c7-416f8e6a1f4a",
        "value": "45.153.34.156",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032563",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "0490a7db-a9bb-4f02-bd18-6aa24ceac2fc",
        "value": "45.156.87.165",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032585",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "f9b70ed2-f716-4ea0-84f9-240a71e2dcc1",
        "value": "45.8.145.203",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032606",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "c7dc8680-5fa5-4d7a-95d3-79aedfe54028",
        "value": "70.184.13.47",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032637",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "51412744-4d62-4b82-b588-3c61c40b99cb",
        "value": "78.153.149.90",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032658",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "db8fb513-6a65-496f-a678-453d5ad7f7a9",
        "value": "83.252.42.112",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032679",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "a8920c2d-5a2e-4395-87e3-604d1c34d8ee",
        "value": "87.121.84.132",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032700",
        "to_ids": true,
        "type": "domain",
        "uuid": "a8eb08ca-90da-47ec-9be9-263272eaaa22",
        "value": "x1337.cc",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032722",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "329d3610-e17b-4430-abe8-c8c1342c1c71",
        "value": "124.198.131.83",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032743",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "86f8a2a8-6f8f-43d8-860c-eaf7a2c06bf0",
        "value": "135.148.68.54",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032764",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "de5cf51d-3333-42ad-ac7b-593fb442e35b",
        "value": "193.26.115.178",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032785",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "e143be50-93fa-4c9e-9ff0-92c8b49ddb69",
        "value": "193.26.115.195",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032807",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "1c7137b7-6dae-47d3-9b70-5b113e4ccf05",
        "value": "45.88.186.32",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032829",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "a74dcdbc-b6be-4a61-a71f-b165b56f10a0",
        "value": "45.88.186.85",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032850",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "a4781349-849a-487b-85a0-2ccbf274361e",
        "value": "45.92.1.50",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032872",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "50ff40ee-f137-4daa-a412-4dd43e50eacb",
        "value": "45.94.31.201",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774032893",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "a13e2834-bed1-4542-8f88-8219fb5eb312",
        "value": "45.94.31.89",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774032914",
        "uuid": "cecdc0cd-0a3f-47d7-807f-85fd144c675f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774032914",
            "to_ids": true,
            "type": "md5",
            "uuid": "42717c8b-9870-4876-b674-fbcdaeb25433",
            "value": "0d54448fe3c9b048c6d48c6ee2f6f936",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028175",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7db11e84-8aff-4dc3-86f7-93f1e6e75d1a",
            "value": "aa13e8e1bda39dd665cdf1edb0261b364e53c731",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028176",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2eaa1e15-7e80-4303-8794-1423bc2ab5f6",
            "value": "691e4ec280aaff33270f33a9bb48a3fc38e2bd91c7359e687e3f0bd682f20b54",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774027140",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4c2e2a49-3524-463a-ad43-af8ce0adf378",
            "value": "1536:/033T0ZSviAt1IoNheQ94Im4wr8NY5gueSj8x1u1M3WaMdxFXazxDHQ9Gb0wr5RI:/0nTcK7hhe7ImXTdeSw1u1yWZxFX+Zc"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774027140",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b81c3f26-e1be-44bd-9bfe-e17ad74b4e19",
            "value": "103256"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774027140",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ed0ea1ab-4d29-4ac4-adb1-ef2d44d3cb0a",
            "value": "bdbaa45a237d1d0ab6eb5d93a540afdc"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774027140",
            "to_ids": true,
            "type": "filename",
            "uuid": "905079fa-daf8-4735-849f-2ac179a86330",
            "value": "rondo.x86_64"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  17/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774027140",
            "to_ids": false,
            "type": "text",
            "uuid": "651284f5-a016-4a7f-aa99-19ba0b08f896",
            "value": "Type Description: ELF\nMicrosoft: Backdoor:Linux/Mirai.LB!MTB\nVT Total Detection:39/65\nFirst Submission:2025-11-01T21:52:13.000000+00:00\nLast Submission:2025-11-14T10:53:15.000000+00:00"
          }
        ]
      }
    ]
  }
}