Names | RocketMan | |
Category | Malware | |
Type | Backdoor | |
Description | (Kaspersky) We call this Trojan RocketMan after the string the developer uses for beaconing. Another string inside this malware is “TrumpTower”, used as an RC4 encryption initial vector. This malware reads the C2 IP and port from the registry where it was saved by the previous stager. It processes the following commands from its C2 that are received encrypted over HTTP: | |
Information | <https://securelist.com/turla-renews-its-arsenal-with-topinambour/91687/> |
Last change to this tool card: 20 April 2020
Download this tool card in JSON format
Previous: ROCKBOOT
Next: RockLoader
Changed | Name | Country | Observed | ||
APT groups | |||||
Tomiris | [Unknown] | 2020 | |||
Turla, Waterbug, Venomous Bear | 1996-Dec 2023 |
2 groups listed (2 APT, 0 other, 0 unknown)
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |