SYMBOLCOMMON_NAMEaka. SYNONYMS
elf.rotajakiro (Back to overview)

RotaJakiro

Actor(s): APT32


RotaJakiro is a stealthy Linux backdoor which remained undetected between 2018 and 2021.
The malware uses rotating encryption to encrypt the resource information within the sample, and C2 communication, using a combination of AES, XOR, ROTATE encryption and ZLIB compression.

References
2021-05-06360 netlabAlex Turing
@online{turing:20210506:rotajakiro:3e85531, author = {Alex Turing}, title = {{RotaJakiro, the Linux version of the OceanLotus}}, date = {2021-05-06}, organization = {360 netlab}, url = {https://blog.netlab.360.com/rotajakiro_linux_version_of_oceanlotus/}, language = {English}, urldate = {2021-05-08} } RotaJakiro, the Linux version of the OceanLotus
RotaJakiro
2021-04-29DomainToolsChad Anderson
@online{anderson:20210429:domaintools:d9fc32c, author = {Chad Anderson}, title = {{DomainTools And Digital Archeology: A Look At RotaJakiro}}, date = {2021-04-29}, organization = {DomainTools}, url = {https://www.domaintools.com/resources/blog/domaintools-and-digital-archeology-a-look-at-rotajakiro}, language = {English}, urldate = {2021-05-04} } DomainTools And Digital Archeology: A Look At RotaJakiro
RotaJakiro
2021-04-28360 netlabAlex Turing, Hui Wang
@online{turing:20210428:rotajakiro:3d85cc1, author = {Alex Turing and Hui Wang}, title = {{RotaJakiro: A long live secret backdoor with 0 VT detection}}, date = {2021-04-28}, organization = {360 netlab}, url = {https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/}, language = {English}, urldate = {2021-05-04} } RotaJakiro: A long live secret backdoor with 0 VT detection
RotaJakiro

There is no Yara-Signature yet.