Skip to content

Hide Navigation Hide TOC

Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)

Rotexy is an Android banking malware that has evolved over several years. It was originally an SMS spyware Trojan first spotted in October 2014, and since then has evolved to contain more features, including ransomware functionality.(Citation: securelist rotexy 2018)

Cluster A Galaxy A Cluster B Galaxy B Level
System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad) Attack Pattern Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) Malware 1
SMS Control - T1582 (b327a9c0-e709-495c-aa6e-00b042136e2b) Attack Pattern Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) Malware 1
Symmetric Cryptography - T1521.001 (bb4387ab-7a51-468b-bf5f-a9a8612f0303) Attack Pattern Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) Malware 1
System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77) Attack Pattern Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) Malware 1
Device Lockout - T1629.002 (acf8fd2a-dc98-43b4-8d37-64e10728e591) Attack Pattern Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) Malware 1
Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) Attack Pattern Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) Malware 1
Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) Attack Pattern Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) Malware 1
Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) Malware 1
Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) Attack Pattern Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) Malware 1
Process Discovery - T1424 (1b51f5bc-b97a-498a-8dbd-bc6b1901bf19) Attack Pattern Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) Malware 1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) Malware Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a) Attack Pattern 1
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) Malware 1
Domain Generation Algorithms - T1637.001 (fd211238-f767-4599-8c0d-9dca36624626) Attack Pattern Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) Malware 1
System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) Attack Pattern Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) Malware 1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) Malware Out of Band Data - T1644 (ec4c4baa-026f-43e8-8f56-58c36f3162dd) Attack Pattern 1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) Malware GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) Attack Pattern 1
System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad) Attack Pattern Virtualization/Sandbox Evasion - T1633 (27d18e87-8f32-4be1-b456-39b90454360f) Attack Pattern 2
Symmetric Cryptography - T1521.001 (bb4387ab-7a51-468b-bf5f-a9a8612f0303) Attack Pattern Encrypted Channel - T1521 (ed2c05a1-4f81-4d97-9e1b-aff01c34ae84) Attack Pattern 2
Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a) Attack Pattern Device Lockout - T1629.002 (acf8fd2a-dc98-43b4-8d37-64e10728e591) Attack Pattern 2
Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) Attack Pattern Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673) Attack Pattern 2
Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern 2
Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) Attack Pattern Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f) Attack Pattern 2
SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern 2
Dynamic Resolution - T1637 (2ccc3d39-9598-4d32-9657-42e1c7095d26) Attack Pattern Domain Generation Algorithms - T1637.001 (fd211238-f767-4599-8c0d-9dca36624626) Attack Pattern 2
Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) Attack Pattern GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) Attack Pattern 2