← Back to Actors
Rocke
Rocke
[Rocke](https://attack.mitre.org/groups/G0106) is an alleged Chinese-speaking adversary whose primary objective appeared to be cryptojacking, or stealing victim system resources for the purposes of mining cryptocurrency. The name [Rocke](https://attack.mitre.org/groups/G0106) comes from the email address "rocke@live.cn" used to create the wallet which held collected cryptocurrency. Researchers have detected overlaps between [Rocke](https://attack.mitre.org/groups/G0106) and the Iron Cybercrime Group, though this attribution has not been confirmed.(Citation: Talos Rocke August 2018)
39
Techniques
39
Covered
0
Gaps
100%
Coverage
Coverage39/39
COVERED (39)
T1014Rootkit30 det.T1018Remote System Discovery51 det.T1021.004SSH35 det.T1027Obfuscated Files or Information606 det.T1027.002Software Packing2 det.T1027.004Compile After Delivery10 det.T1036.005Match Legitimate Resource Name or Location45 det.T1037Boot or Logon Initialization Scripts26 det.T1046Network Service Discovery51 det.T1053.003Cron29 det.T1055.002Portable Executable Injection6 det.T1057Process Discovery21 det.T1059.004Unix Shell165 det.T1059.006Python51 det.T1070.002Clear Linux or Mac System Logs8 det.T1070.004File Deletion43 det.T1070.006Timestomp10 det.T1071Application Layer Protocol112 det.T1071.001Web Protocols81 det.T1082System Information Discovery86 det.T1102Web Service35 det.T1102.001Dead Drop Resolver8 det.T1105Ingress Tool Transfer184 det.T1140Deobfuscate/Decode Files or Information58 det.T1190Exploit Public-Facing Application227 det.T1222.002Linux and Mac Permissions18 det.T1496.001Compute Hijacking2 det.T1518.001Security Software Discovery10 det.T1543.002Systemd Service13 det.T1547.001Registry Run Keys / Startup Folder53 det.T1552.004Private Keys23 det.T1562.001Disable or Modify Tools316 det.T1562.004Disable or Modify System Firewall48 det.T1564.001Hidden Files and Directories25 det.T1571Non-Standard Port17 det.T1574.006Dynamic Linker Hijacking24 det.T1685Disable or Modify Tools279 det.T1685.006Clear Linux or Mac System Logs4 det.T1686Disable or Modify System Firewall19 det.