Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)

Rotexy is an Android banking malware that has evolved over several years. It was originally an SMS spyware Trojan first spotted in October 2014, and since then has evolved to contain more features, including ransomware functionality.(Citation: securelist rotexy 2018)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Out of Band Data - T1644 (ec4c4baa-026f-43e8-8f56-58c36f3162dd)	Attack Pattern	Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6)	Attack Pattern	1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	SMS Control - T1582 (b327a9c0-e709-495c-aa6e-00b042136e2b)	Attack Pattern	1
Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add)	Attack Pattern	Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	1
Symmetric Cryptography - T1521.001 (bb4387ab-7a51-468b-bf5f-a9a8612f0303)	Attack Pattern	Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	Device Lockout - T1629.002 (acf8fd2a-dc98-43b4-8d37-64e10728e591)	Attack Pattern	1
Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2)	Attack Pattern	Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	1
Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86)	Attack Pattern	Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	1
GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512)	Attack Pattern	Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002)	Attack Pattern	1
Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a)	Attack Pattern	Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd)	Attack Pattern	1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77)	Attack Pattern	1
Process Discovery - T1424 (1b51f5bc-b97a-498a-8dbd-bc6b1901bf19)	Attack Pattern	Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	1
Domain Generation Algorithms - T1637.001 (fd211238-f767-4599-8c0d-9dca36624626)	Attack Pattern	Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	1
Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)	Malware	System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad)	Attack Pattern	1
Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f)	Attack Pattern	Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6)	Attack Pattern	2
Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add)	Attack Pattern	Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673)	Attack Pattern	2
Symmetric Cryptography - T1521.001 (bb4387ab-7a51-468b-bf5f-a9a8612f0303)	Attack Pattern	Encrypted Channel - T1521 (ed2c05a1-4f81-4d97-9e1b-aff01c34ae84)	Attack Pattern	2
Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a)	Attack Pattern	Device Lockout - T1629.002 (acf8fd2a-dc98-43b4-8d37-64e10728e591)	Attack Pattern	2
Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86)	Attack Pattern	Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e)	Attack Pattern	2
Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad)	Attack Pattern	GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512)	Attack Pattern	2
Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e)	Attack Pattern	SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002)	Attack Pattern	2
Dynamic Resolution - T1637 (2ccc3d39-9598-4d32-9657-42e1c7095d26)	Attack Pattern	Domain Generation Algorithms - T1637.001 (fd211238-f767-4599-8c0d-9dca36624626)	Attack Pattern	2
Virtualization/Sandbox Evasion - T1633 (27d18e87-8f32-4be1-b456-39b90454360f)	Attack Pattern	System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad)	Attack Pattern	2