Through our honeypot (https://github.com/mariocandela/beelzebub), I’ve identified a major evolution of the RondoDox botnet, first reported by FortiGuard Labs in 2024.

The newly discovered RondoDox v2 shows a dramatic leap in sophistication and scale:

+650% increase in exploit vectors (75+ CVEs observed)

New C&C infrastructure on compromised residential IPs

16 architecture variants

Open attacker signature: bang2013@atomicmail[.]io

Targets expanded from DVRs and routers to enterprise systems

The full report includes:

- In-depth technical analysis (dropper, ELF binaries, XOR decoding)

- Full IOC list

- YARA and Snort/Suricata detection rules

- Discovery timeline and attribution insights