Rocke

OriginChina

Techniques (MITRE ATT&CK)36

SourceMITRE ATT&CK

Vexday analysis

Rocke é um adversário de origem chinesa cujo principal objetivo identificado é o cryptojacking — isto é, o uso não autorizado de recursos computacionais das vítimas para mineração de criptomoedas. O nome do grupo deriva do endereço de e-mail "rocke@live.cn", utilizado para criar a carteira onde as criptomoedas obtidas eram armazenadas. Pesquisadores identificaram sobreposições entre o Rocke e o Iron Cybercrime Group, embora essa atribuição não tenha sido confirmada. O grupo está catalogado no MITRE ATT&CK como G0106, com 36 técnicas documentadas e 4 CVEs atribuídas à sua atuação.

Techniques (MITRE ATT&CK) 36

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Initial access

Exploit Public-Facing Application

Execution

Cron Unix Shell Python

Persistence

Boot or Logon Initialization Scripts Systemd Service Registry Run Keys / Startup Folder

Credential access

Private Keys

Discovery

Remote System Discovery Network Service Discovery Process Discovery System Information Discovery Security Software Discovery

Lateral movement

SSH

Command and control

Application Layer Protocol Web Protocols Web Service Dead Drop Resolver Ingress Tool Transfer Non-Standard Port

Impact

Compute Hijacking

defense-impairment

Linux and Mac Permissions Disable or Modify Tools Clear Linux or Mac System Logs Disable or Modify System Firewall

stealth

Rootkit Obfuscated Files or Information Software Packing Compile After Delivery Match Legitimate Resource Name or Location Portable Executable Injection File Deletion Timestomp Deobfuscate/Decode Files or Information Hidden Files and Directories Dynamic Linker Hijacking

Exploited vulnerabilities 4

CVEs this group is known to exploit, per MITRE ATT&CK. Ordered by real-world severity.

CVE-2017-10271HIGHEPSS 100%KEV CVE-2014-7169CRITICALEPSS 100%KEV CVE-2017-3066CRITICALEPSS 91%KEV CVE-2016-6662EPSS 68%

Rocke uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →