Symbol: elf.rotajakiro

RotaJakiro

Actor(s): APT32


RotaJakiro is a stealthy Linux backdoor that remained undetected between 2018 and 2021.
The malware uses rotating encryption to protect both the resource information within the sample and its C2 communication, combining AES, XOR and ROTATE encryption with ZLIB compression.

References
2021-05-06 | 360 netlab | Alex Turing
RotaJakiro, the Linux version of the OceanLotus
2021-04-29 | DomainTools | Chad Anderson
DomainTools And Digital Archeology: A Look At RotaJakiro
2021-04-28 | 360 netlab | Alex Turing, Hui Wang
RotaJakiro: A long live secret backdoor with 0 VT detection

There is no YARA signature yet.