G0106

Rocke

Also known as: Aged Libra · Rocke

Known aliases: 2

Profile

This threat actor initially came to our attention in April 2018, leveraging both Western and Chinese Git repositories to deliver malware to honeypot systems vulnerable to an Apache Struts vulnerability. In late July, we became aware that the same actor was engaged in another similar campaign. Through our investigation into this new campaign, we were able to uncover more details about the actor.

Aliases · 2

Aged Libra, Rocke

MITRE ATT&CK Group crosswalk

G0106

References

  1. https://blog.talosintelligence.com/2018/08/rocke-champion-of-monero-miners.html
  2. https://unit42.paloaltonetworks.com/malware-used-by-rocke-group-evolves-to-evade-detection-by-cloud-security-products/
  3. https://www.intezer.com/blog-technical-analysis-cryptocurrency-mining-war-on-the-cloud/
  4. https://unit42.paloaltonetworks.com/atoms/agedlibra/

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: Returned Libra
Actor: Pickaxe
Actor: Earth Lusca
Actor: RuskiNet
Actor: Copy-Paste
Actor: Tick
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.