MALWARE-C2 Trojan.Linux.RondoDox.A TCP Connection

Rule ID

1236996

Severity

High

Description

Trojan.Linux.RondoDox.A is a bot agent that targets Linux operating systems across multiple architectures. The malware contacts C2 to receive commands to execute various distributed denial-of-service (DDoS) attacks. Additionally, the malware can terminate specified processes and establish persistence on the system.

Impact

Remote command execution

Recommendation

Update vendor's patch.

IPS Category

Malware traffic

IPS Anomaly Group

N/A

IPS Rule Default Action

Deny

References

T1059

T1571

Keywords

N/A

Date Created

2025/07/10

Last Updated

2025/09/16