ThaiCERT    ETDA    MDES

Threat Group Cards: A Threat Actor Encyclopedia

Tool: Retefe

Names: Retefe, Dok, Tsukuba, Werdlod

Category: Malware

Type: Tunneling

Description: (Check Point) Once OSX/Dok infection is complete, the attackers gain complete access to all victim communication, including communication encrypted by SSL. This is done by redirecting victim traffic through a malicious proxy server.

Information:
<https://blog.checkpoint.com/2017/04/27/osx-malware-catching-wants-read-https-traffic/>
<https://www.govcert.admin.ch/blog/33/the-retefe-saga>
<http://www.brycampbell.co.uk/new-blog/2017/4/30/retefe-and-osxdok-one-and-the-same>
<https://blog.checkpoint.com/2017/07/13/osxdok-refuses-go-away-money/>
<https://www.proofpoint.com/us/threat-insight/post/retefe-banking-trojan-leverages-eternalblue-exploit-swiss-campaigns>
<https://blog.avast.com/the-evolution-of-the-retefe-banking-trojan>
<https://threatpost.com/eternalblue-exploit-used-in-retefe-banking-trojan-campaign/128103/>
<https://github.com/cocaman/retefe>
<https://www.govcert.admin.ch/blog/35/reversing-retefe>
<https://researchcenter.paloaltonetworks.com/2015/08/retefe-banking-trojan-targets-sweden-switzerland-and-japan/>
<https://github.com/Tomasuh/retefe-unpacker>
<https://securityintelligence.com/news/retefe-banking-trojan-returns-with-smoke-loader-as-its-intermediate-loader/>

Malpedia:
<https://malpedia.caad.fkie.fraunhofer.de/details/osx.retefe>
<https://malpedia.caad.fkie.fraunhofer.de/details/win.retefe>

AlienVault OTX:
<https://otx.alienvault.com/browse/pulses?q=tag:Retefe>

Last change to this tool card: 22 May 2020


All groups using tool Retefe

Other groups

| Changed | Name | Country | Observed |
|---|---|---|---|
| | Retefe Gang, Operation Emmental | Russia | 2013 |

1 group listed (0 APT, 1 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
