Rocke
[Rocke](https://attack.mitre.org/groups/G0106) is an alleged Chinese-speaking adversary whose primary objective appeared to be cryptojacking, or stealing victim system resources for the purposes of mining cryptocurrency. The name [Rocke](https://attack.mitre.org/groups/G0106) comes from the email address "rocke@live.cn" used to create the wallet which held collected cryptocurrency. Researchers have detected overlaps between [Rocke](https://attack.mitre.org/groups/G0106) and the Iron Cybercrime Group, though this attribution has not been confirmed. (Citation: Talos Rocke August 2018)
Techniques: 39 | Covered: 39 | Gaps: 0 | Coverage: 100% (39/39)
COVERED (39)
| Technique | Name | Detections |
| --- | --- | --- |
| T1014 | Rootkit | 30 |
| T1018 | Remote System Discovery | 50 |
| T1021.004 | SSH | 34 |
| T1027 | Obfuscated Files or Information | 561 |
| T1027.002 | Software Packing | 1 |
| T1027.004 | Compile After Delivery | 10 |
| T1036.005 | Match Legitimate Resource Name or Location | 44 |
| T1037 | Boot or Logon Initialization Scripts | 25 |
| T1046 | Network Service Discovery | 51 |
| T1053.003 | Cron | 28 |
| T1055.002 | Portable Executable Injection | 6 |
| T1057 | Process Discovery | 20 |
| T1059.004 | Unix Shell | 155 |
| T1059.006 | Python | 49 |
| T1070.002 | Clear Linux or Mac System Logs | 8 |
| T1070.004 | File Deletion | 42 |
| T1070.006 | Timestomp | 10 |
| T1071 | Application Layer Protocol | 104 |
| T1071.001 | Web Protocols | 80 |
| T1082 | System Information Discovery | 86 |
| T1102 | Web Service | 34 |
| T1102.001 | Dead Drop Resolver | 7 |
| T1105 | Ingress Tool Transfer | 183 |
| T1140 | Deobfuscate/Decode Files or Information | 58 |
| T1190 | Exploit Public-Facing Application | 216 |
| T1222.002 | Linux and Mac Permissions | 18 |
| T1496.001 | Compute Hijacking | 2 |
| T1518.001 | Security Software Discovery | 10 |
| T1543.002 | Systemd Service | 12 |
| T1547.001 | Registry Run Keys / Startup Folder | 53 |
| T1552.004 | Private Keys | 22 |
| T1562.001 | Disable or Modify Tools | 311 |
| T1562.004 | Disable or Modify System Firewall | 48 |
| T1564.001 | Hidden Files and Directories | 25 |
| T1571 | Non-Standard Port | 16 |
| T1574.006 | Dynamic Linker Hijacking | 24 |
| T1685 | Disable or Modify Tools | 278 |
| T1685.006 | Clear Linux or Mac System Logs | 4 |
| T1686 | Disable or Modify System Firewall | 19 |