Hide Navigation Hide TOC

Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)

Rotexy is an Android banking malware that has evolved over several years. It was originally an SMS spyware Trojan first spotted in October 2014, and since then has evolved to contain more features, including ransomware functionality.(Citation: securelist rotexy 2018)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	Symmetric Cryptography - T1521.001 (bb4387ab-7a51-468b-bf5f-a9a8612f0303)	Attack Pattern	1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	Process Discovery - T1424 (1b51f5bc-b97a-498a-8dbd-bc6b1901bf19)	Attack Pattern	1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86)	Attack Pattern	1
Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a)	Attack Pattern	Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002)	Attack Pattern	1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd)	Attack Pattern	1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6)	Attack Pattern	1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	Out of Band Data - T1644 (ec4c4baa-026f-43e8-8f56-58c36f3162dd)	Attack Pattern	1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	SMS Control - T1582 (b327a9c0-e709-495c-aa6e-00b042136e2b)	Attack Pattern	1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad)	Attack Pattern	1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	Domain Generation Algorithms - T1637.001 (fd211238-f767-4599-8c0d-9dca36624626)	Attack Pattern	1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77)	Attack Pattern	1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2)	Attack Pattern	1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512)	Attack Pattern	1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	Device Lockout - T1629.002 (acf8fd2a-dc98-43b4-8d37-64e10728e591)	Attack Pattern	1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add)	Attack Pattern	1
Symmetric Cryptography - T1521.001 (bb4387ab-7a51-468b-bf5f-a9a8612f0303)	Attack Pattern	Encrypted Channel - T1521 (ed2c05a1-4f81-4d97-9e1b-aff01c34ae84)	Attack Pattern	2
Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86)	Attack Pattern	Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e)	Attack Pattern	2
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002)	Attack Pattern	Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e)	Attack Pattern	2
Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f)	Attack Pattern	Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6)	Attack Pattern	2
System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad)	Attack Pattern	Virtualization/Sandbox Evasion - T1633 (27d18e87-8f32-4be1-b456-39b90454360f)	Attack Pattern	2
Dynamic Resolution - T1637 (2ccc3d39-9598-4d32-9657-42e1c7095d26)	Attack Pattern	Domain Generation Algorithms - T1637.001 (fd211238-f767-4599-8c0d-9dca36624626)	Attack Pattern	2
GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512)	Attack Pattern	Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad)	Attack Pattern	2
Device Lockout - T1629.002 (acf8fd2a-dc98-43b4-8d37-64e10728e591)	Attack Pattern	Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a)	Attack Pattern	2
Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673)	Attack Pattern	Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add)	Attack Pattern	2