RotaJakiro

Malware & Tools · RotaJakiro

· MalwareS1078 · Zararlı Yazılım

Type

malware

Techniques

Used By

1 groups

Platforms

Linux

Description

RotaJakiro is a 64-bit Linux backdoor used by APT32. First seen in 2018, it uses a plugin architecture to extend capabilities. RotaJakiro can determine it's permission level and execute according to access type (`root` or `user`).(Citation: RotaJakiro 2021 netlab360 analysis)(Citation: netlab360 rotajakiro vs oceanlotus)

Tactic Coverage

persistence (4)privilege escalation (4)command and control (4)execution (3)stealth (2)discovery (2)exfiltration (1)collection (1)

Used By (1 groups)

G0050APT32SeaLotus, OceanLotus

Techniques (17)

T1036.005Match Legitimate Resource Name or Location

stealth

T1037Boot or Logon Initialization Scripts

persistenceprivilege escalation

T1041Exfiltration Over C2 Channel

exfiltration

T1057Process Discovery

discovery

T1082System Information Discovery

discovery

T1095Non-Application Layer Protocol

command and control

References

https://attack.mitre.org/software/S1078 https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/https://blog.netlab.360.com/rotajakiro_linux_version_of_oceanlotus/