Rocke is an alleged Chinese-speaking adversary whose primary objective appeared to be cryptojacking, or stealing victim system resources for the purposes of mining cryptocurrency. The name Rocke comes from the email address "firstname.lastname@example.org" used to create the wallet which held collected cryptocurrency. Researchers have detected overlaps between Rocke and the Iron Cybercrime Group, though this attribution has not been confirmed.
| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | VT0012.001 | Command and Scripting Interpreter: Unix Shell | |
| Enterprise | VT0003 | Exploit Public-Facing Application | |
| Enterprise | VT0024 | Network Service Scanning | |
| Enterprise | VT0020.001 | Remote Services: SSH | |
| Enterprise | VT0034 | Remote System Discovery | Rocke looks for IP addresses in the |
| Enterprise | VT0017.004 | Unsecured Credentials: Private Keys | |
Created: 16 March 2021
Last Modified: 16 March 2021