Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063)

Rotexy is an Android banking malware family that has evolved over several years. It was first spotted in October 2014 as an SMS spyware Trojan and has since gained additional features, including ransomware functionality.(Citation: securelist rotexy 2018)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) | Malware | Out of Band Data - T1644 (ec4c4baa-026f-43e8-8f56-58c36f3162dd) | Attack Pattern | 1 |
| Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) | Malware | System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad) | Attack Pattern | 1 |
| Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) | Malware | SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | 1 |
| Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) | Malware | Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) | Attack Pattern | 1 |
| Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) | Malware | SMS Control - T1582 (b327a9c0-e709-495c-aa6e-00b042136e2b) | Attack Pattern | 1 |
| Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) | Malware | Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) | Attack Pattern | 1 |
| Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) | Malware | Symmetric Cryptography - T1521.001 (bb4387ab-7a51-468b-bf5f-a9a8612f0303) | Attack Pattern | 1 |
| Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) | Malware | Device Lockout - T1629.002 (acf8fd2a-dc98-43b4-8d37-64e10728e591) | Attack Pattern | 1 |
| Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a) | Attack Pattern | Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) | Malware | 1 |
| Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) | Malware | Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) | Attack Pattern | 1 |
| Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) | Malware | Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) | Attack Pattern | 1 |
| System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77) | Attack Pattern | Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) | Malware | 1 |
| GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) | Attack Pattern | Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) | Malware | 1 |
| Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) | Malware | Domain Generation Algorithms - T1637.001 (fd211238-f767-4599-8c0d-9dca36624626) | Attack Pattern | 1 |
| Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) | Malware | System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) | Attack Pattern | 1 |
| Rotexy - S0411 (0626c181-93cb-4860-9cb0-dff3b1c13063) | Malware | Process Discovery - T1424 (1b51f5bc-b97a-498a-8dbd-bc6b1901bf19) | Attack Pattern | 1 |
| System Checks - T1633.001 (6ffad4be-bfe0-424f-abde-4d9a84a800ad) | Attack Pattern | Virtualization/Sandbox Evasion - T1633 (27d18e87-8f32-4be1-b456-39b90454360f) | Attack Pattern | 2 |
| SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | 2 |
| Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f) | Attack Pattern | Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) | Attack Pattern | 2 |
| Application Layer Protocol - T1437 (6a3f6490-9c44-40de-b059-e5940f246673) | Attack Pattern | Web Protocols - T1437.001 (2282a98b-5049-4f61-9381-55baca7c1add) | Attack Pattern | 2 |
| Encrypted Channel - T1521 (ed2c05a1-4f81-4d97-9e1b-aff01c34ae84) | Attack Pattern | Symmetric Cryptography - T1521.001 (bb4387ab-7a51-468b-bf5f-a9a8612f0303) | Attack Pattern | 2 |
| Device Lockout - T1629.002 (acf8fd2a-dc98-43b4-8d37-64e10728e591) | Attack Pattern | Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a) | Attack Pattern | 2 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) | Attack Pattern | 2 |
| Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) | Attack Pattern | GUI Input Capture - T1417.002 (4c58b7c6-a839-4789-bda9-9de33e4d4512) | Attack Pattern | 2 |
| Domain Generation Algorithms - T1637.001 (fd211238-f767-4599-8c0d-9dca36624626) | Attack Pattern | Dynamic Resolution - T1637 (2ccc3d39-9598-4d32-9657-42e1c7095d26) | Attack Pattern | 2 |