Tool: RocketMan| Names | RocketMan | |
| Category | Malware | |
| Type | Backdoor | |
| Description | (Kaspersky) We call this Trojan RocketMan after the string the developer uses for beaconing. Another string inside this malware is “TrumpTower”, used as an RC4 encryption initial vector. This malware reads the C2 IP and port from the registry where it was saved by the previous stager. It processes the following commands from its C2 that are received encrypted over HTTP: | |
| Information | <https://securelist.com/turla-renews-its-arsenal-with-topinambour/91687/> | |
Last change to this tool card: 19 April 2020
Download this tool card in JSON format
Previous: ROCKBOOT
Next: RockLoader
| Changed | Name | Country | Observed | ||
APT groups | |||||
| Turla, Waterbug, Venomous Bear |  | 1996-Feb 2021 | |||
1 group listed (1 APT, 0 other, 0 unknown)
|
Thailand Computer Emergency Response Team (ThaiCERT) Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1234 | |
 |
report@thaicert.or.th | |
 |
Download PGP key | |