Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)

Rotexy is an Android banking malware that has evolved over several years. It was originally an SMS spyware Trojan first spotted in October 2014, and since then has evolved to contain more features, including ransomware functionality.(Citation: securelist rotexy 2018)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad)	Attack Pattern	Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	1
SMS Control - T1582 (b327a9c0-e709-495c-aa6e-00b042136e2b)	Attack Pattern	Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	1
Symmetric Cryptography - T1521.001 (bb4387ab-7a51-468b-bf5f-a9a8612f0303)	Attack Pattern	Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	1
System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77)	Attack Pattern	Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	1
Device Lockout - T1629.002 (acf8fd2a-dc98-43b4-8d37-64e10728e591)	Attack Pattern	Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	1
Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2)	Attack Pattern	Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	1
Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add)	Attack Pattern	Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	1
Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86)	Attack Pattern	Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	1
Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6)	Attack Pattern	Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	1
Process Discovery - T1424 (1b51f5bc-b97a-498a-8dbd-bc6b1901bf19)	Attack Pattern	Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a)	Attack Pattern	1
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002)	Attack Pattern	Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	1
Domain Generation Algorithms - T1637.001 (fd211238-f767-4599-8c0d-9dca36624626)	Attack Pattern	Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	1
System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd)	Attack Pattern	Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	Out of Band Data - T1644 (ec4c4baa-026f-43e8-8f56-58c36f3162dd)	Attack Pattern	1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512)	Attack Pattern	1
System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad)	Attack Pattern	Virtualization/Sandbox Evasion - T1633 (27d18e87-8f32-4be1-b456-39b90454360f)	Attack Pattern	2
Symmetric Cryptography - T1521.001 (bb4387ab-7a51-468b-bf5f-a9a8612f0303)	Attack Pattern	Encrypted Channel - T1521 (ed2c05a1-4f81-4d97-9e1b-aff01c34ae84)	Attack Pattern	2
Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a)	Attack Pattern	Device Lockout - T1629.002 (acf8fd2a-dc98-43b4-8d37-64e10728e591)	Attack Pattern	2
Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add)	Attack Pattern	Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673)	Attack Pattern	2
Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86)	Attack Pattern	Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e)	Attack Pattern	2
Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6)	Attack Pattern	Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f)	Attack Pattern	2
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002)	Attack Pattern	Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e)	Attack Pattern	2
Dynamic Resolution - T1637 (2ccc3d39-9598-4d32-9657-42e1c7095d26)	Attack Pattern	Domain Generation Algorithms - T1637.001 (fd211238-f767-4599-8c0d-9dca36624626)	Attack Pattern	2
Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad)	Attack Pattern	GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512)	Attack Pattern	2