Key Findings:
- 15+ exploitation vectors (from 2 CVEs to enterprise-grade attacks)
- C&C on compromised residential IP (multiple AWS EC2)
- 16 architectures supported with XOR obfuscation (key: 0x21)
- Open attribution: bang2013@atomicmail.io
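The XOR obfuscation finding is the one an analyst can act on directly: a single-byte XOR undoes itself, so the sample's string table can be recovered with the reported key, and the key itself can be re-derived if a later variant changes it. The script below is an added example and is not code from the post or from the malware; it assumes a Mirai-style layout where obfuscated fields are NUL-terminated, and the sample bytes it scans are constructed for illustration. Only the key value 0x21 comes from the post.

```python
# Added example (not code from the original post): recovering the obfuscated
# string table from a sample that XORs every byte with a single-byte key.
# The key 0x21 is the value the post reports; the blob below is constructed
# for illustration and is not taken from any real binary.

import re
from typing import List, Tuple

REPORTED_KEY = 0x21  # single-byte XOR key named in the post's findings


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a single-byte key; the operation is its own inverse."""
    return bytes(b ^ key for b in data)


def recover_table(blob: bytes, key: int, min_len: int = 4) -> List[Tuple[int, str]]:
    """Decode the whole blob with `key` and return (offset, string) for every
    NUL-terminated run of printable ASCII at least `min_len` bytes long.
    Assumption: fields are stored NUL-terminated (Mirai-style), so the
    terminator is the signal that a printable run is a real field."""
    decoded = xor_bytes(blob, key)
    pattern = rb"([\x20-\x7e]{%d,})\x00" % min_len
    return [(m.start(1), m.group(1).decode("ascii"))
            for m in re.finditer(pattern, decoded)]


def rank_keys(blob: bytes, min_len: int = 4) -> List[Tuple[int, int]]:
    """Try all 256 single-byte keys and rank them by how many NUL-terminated
    printable fields they expose. The true key stands out because only it
    turns the separators back into NUL; wrong keys yield few or no fields."""
    scores = [(key, len(recover_table(blob, key, min_len))) for key in range(256)]
    return sorted(scores, key=lambda ks: (-ks[1], ks[0]))


# --- constructed sample (not real IoCs) -------------------------------------
CONSTRUCTED_FIELDS = [b"/tmp/constructed-path",
                      b"c2.constructed.invalid",
                      b"user:pass-constructed"]
_table = b"".join(f + b"\x00" for f in CONSTRUCTED_FIELDS)
# Surround the obfuscated table with non-string bytes so the scan has to find it.
SAMPLE_BLOB = (bytes(range(0x80, 0x90))
               + xor_bytes(_table, REPORTED_KEY)
               + bytes(range(0x90, 0xA0)))


def main() -> None:
    for offset, field in recover_table(SAMPLE_BLOB, REPORTED_KEY):
        print(f"0x{offset:04x}  {field}")
    best_key, hits = rank_keys(SAMPLE_BLOB)[0]
    print(f"best key guess: 0x{best_key:02x} ({hits} fields)")


if __name__ == "__main__":
    main()
```

Run it against a carved data section rather than a whole ELF: the NUL-termination heuristic is what lets `rank_keys` separate the real key from keys that merely map lowercase text onto other printable bytes, and the offsets it prints are the ones to feed into a YARA rule or a decoder script for the real sample.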
What concerns me: The jump from consumer DVR/routers to enterprise targets demonstrates an aggressive expansion strategy. We're no longer talking about a "simple" DDoS botnet.
IOCs and detection rules: YARA, Snort/Suricata and complete IOC list available in the full post.