Skip to content

Hide Navigation Hide TOC

Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)

Rotexy is an Android banking malware that has evolved over several years. It was originally an SMS spyware Trojan first spotted in October 2014, and since then has evolved to contain more features, including ransomware functionality.(Citation: securelist rotexy 2018)

Cluster A Galaxy A Cluster B Galaxy B Level
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) Malware Device Lockout - T1629.002 (acf8fd2a-dc98-43b4-8d37-64e10728e591) Attack Pattern 1
Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) Attack Pattern Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) Malware 1
SMS Control - T1582 (b327a9c0-e709-495c-aa6e-00b042136e2b) Attack Pattern Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) Malware 1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) Malware Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern 1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) Malware Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) Attack Pattern 1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) Malware Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a) Attack Pattern 1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) Malware System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) Attack Pattern 1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) Malware System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77) Attack Pattern 1
Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) Attack Pattern Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) Malware 1
Symmetric Cryptography - T1521.001 (bb4387ab-7a51-468b-bf5f-a9a8612f0303) Attack Pattern Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) Malware 1
Out of Band Data - T1644 (ec4c4baa-026f-43e8-8f56-58c36f3162dd) Attack Pattern Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) Malware 1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) Malware SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern 1
Process Discovery - T1424 (1b51f5bc-b97a-498a-8dbd-bc6b1901bf19) Attack Pattern Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) Malware 1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) Malware Domain Generation Algorithms - T1637.001 (fd211238-f767-4599-8c0d-9dca36624626) Attack Pattern 1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) Malware GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) Attack Pattern 1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) Malware System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad) Attack Pattern 1
Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a) Attack Pattern Device Lockout - T1629.002 (acf8fd2a-dc98-43b4-8d37-64e10728e591) Attack Pattern 2
Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) Attack Pattern Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673) Attack Pattern 2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) Attack Pattern 2
Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f) Attack Pattern Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) Attack Pattern 2
Symmetric Cryptography - T1521.001 (bb4387ab-7a51-468b-bf5f-a9a8612f0303) Attack Pattern Encrypted Channel - T1521 (ed2c05a1-4f81-4d97-9e1b-aff01c34ae84) Attack Pattern 2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) Attack Pattern SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) Attack Pattern 2
Dynamic Resolution - T1637 (2ccc3d39-9598-4d32-9657-42e1c7095d26) Attack Pattern Domain Generation Algorithms - T1637.001 (fd211238-f767-4599-8c0d-9dca36624626) Attack Pattern 2
Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) Attack Pattern GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) Attack Pattern 2
Virtualization/Sandbox Evasion - T1633 (27d18e87-8f32-4be1-b456-39b90454360f) Attack Pattern System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad) Attack Pattern 2