RotaJakiro (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

elf.rotajakiro (Back to overview)

RotaJakiro

Actor(s): APT32

RotaJakiro is a stealthy Linux backdoor which remained undetected between 2018 and 2021.
The malware uses rotating encryption to encrypt the resource information within the sample, and C2 communication, using a combination of AES, XOR, ROTATE encryption and ZLIB compression.

References

2021-05-06 ⋅ 360 netlab ⋅ Alex Turing
RotaJakiro, the Linux version of the OceanLotus
RotaJakiro

2021-04-29 ⋅ DomainTools ⋅ Chad Anderson
DomainTools And Digital Archeology: A Look At RotaJakiro
RotaJakiro

2021-04-28 ⋅ 360 netlab ⋅ Alex Turing, Hui Wang
RotaJakiro: A long live secret backdoor with 0 VT detection
RotaJakiro

There is no Yara-Signature yet.

RotaJakiro Propose Change

References

RotaJakiro