| SYMBOL | COMMON_NAME | aka. SYNONYMS |
This threat actor initially came to our attention in April 2018, leveraging both Western and Chinese Git repositories to deliver malware to honeypot systems vulnerable to an Apache Struts vulnerability. In late July, we became aware that the same actor was engaged in another similar campaign. Through our investigation into this new campaign, we were able to uncover more details about the actor.
| 2022-07-18
⋅
Palo Alto Networks Unit 42
⋅
Aged Libra Xbash Rocke |
| 2021-02-03
⋅
Seguranca Informatica
⋅
New cryptojacking malware called Pro-Ocean is now attacking Apache, Oracle and Redis servers Pro-Ocean |
| 2021-01-28
⋅
Palo Alto Networks Unit 42
⋅
Pro-Ocean: Rocke Group’s New Cryptojacking Malware Pro-Ocean |
| 2019-09-11
⋅
Talos Intelligence
⋅
Watchbog and the Importance of Patching kerberods |
| 2019-05-28
⋅
Fortinet
⋅
Threat Research: New Rocke Variant Ready to Box Any Mining Challengers kerberods |
| 2019-05-09
⋅
Intezer
⋅
Technical Analysis: Pacha Group Competing against Rocke Group for Cryptocurrency Mining Foothold on the Cloud GreedyAntd Pacha Group Rocke |
| 2019-05-07
⋅
SANS ISC InfoSec Forums
⋅
Vulnerable Apache Jenkins exploited in the wild kerberods |
| 2019-05-07
⋅
Trend Micro
⋅
CVE-2019-3396 Redux: Confluence Vulnerability Exploited to Deliver Cryptocurrency Miner With Rootkit kerberods |
| 2019-03-15
⋅
Anomali
⋅
Rocke Evolves Its Arsenal With a New Malware Family Written in Golang kerberods |
| 2019-01-17
⋅
Palo Alto Networks Unit 42
⋅
Malware Used by “Rocke” Group Evolves to Evade Detection by Cloud Security Products Rocke |
| 2018-08-30
⋅
Cisco Talos
⋅
Rocke: The Champion of Monero Miners Rocke |