RotaJakiro
MITRE
Malware Type:
Other
First activity:
Unknown
Last activity:
Unknown
Details:
[RotaJakiro](https://attack.mitre.org/software/S1078) is a 64-bit Linux backdoor used by [APT32](https://attack.mitre.org/groups/G0050). First seen in 2018, it uses a plugin architecture to extend capabilities. [RotaJakiro](https://attack.mitre.org/software/S1078) can determine its permission level and execute according to access type (`root` or `user`).(Citation: RotaJakiro 2021 netlab360 analysis)(Citation: netlab360 rotajakiro vs oceanlotus)
Associated Techniques (17)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1036.005 | Match Legitimate Resource Name or Location | - |
| T1037 | Boot or Logon Initialization Scripts | - |
| T1041 | Exfiltration Over C2 Channel | - |
| T1057 | Process Discovery | - |
| T1082 | System Information Discovery | - |
| T1095 | Non-Application Layer Protocol | - |
| T1106 | Native API | - |
| T1119 | Automated Collection | - |
| T1129 | Shared Modules | - |
| T1132.001 | Standard Encoding | - |
| T1140 | Deobfuscate/Decode Files or Information | - |
| T1543.002 | Systemd Service | - |
| T1546.004 | Unix Shell Configuration Modification | - |
| T1547.013 | XDG Autostart Entries | - |
| T1559 | Inter-Process Communication | - |
Used by Actors (1)
Metadata
| ID: | 32 |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |