Frost ICTBroadcast-exploitation DDoS botnet activity
Malware Activity
Summary
Fresh exploitation of ICTBroadcast is delivering the Frost binary to honeypot systems, an active DDoS botnet campaign with limited but targeted scope. The payload chain uses a shell-script stager to fetch architecture-specific binaries, executes them, and then deletes the artifacts to reduce traceability. The activity matters because the binary is built to spread using multiple exploits and is aimed at targets of interest.
Related Happenings
RondoDox botnet payload deployment in December 2025
Malware Activity
First: 01.01.2026 11:19
Last: 01.01.2026 11:19
Sources 1
About this happening:
The **RondoDox** botnet was actively dropping **cryptocurrency miners**, the **/nuts/bolts** loader and health checker, and the **/nuts/x86** Mirai variant onto infected devices i...
Timeline
- 08.12.2025 11:15 (2 articles)
Fresh ICTBroadcast exploitation delivers Frost to honeypot systems
Technical Analysis Update: VulnCheck observed fresh attacks exploiting CVE-2025-2611 in ICTBroadcast honeypot systems to download a shell-script stager that fetches multiple architecture-specific Frost binaries, executes them, and then deletes the payloads and stager to obscure traces; the activity is intended to support DDoS operations against targets of interest.
- Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks — thehackernews.com — 08.12.2025 11:15