Retefe
Description
(Check Point) Once OSX/Dok infection is complete, the attackers gain complete access to all victim communication, including communication encrypted by SSL. This is done by redirecting victim traffic through a malicious proxy server.
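The interception described above needs two things on the victim host: traffic steered to the attacker's proxy (a PAC URL or explicit proxy setting) and, for the SSL traffic to be readable without browser warnings, a root CA the attacker controls trusted by the system. The following host check is an added example, not Check Point's or the malware authors' code; it parses the text that macOS `networksetup` and `security find-certificate -a -p` print and reports anything not on an allow-list or baseline that the operator supplies. The sample outputs, the PAC URL, the port and the PEM blob are constructed placeholders, not indicators taken from the Retefe/Dok samples.

```python
"""Host check for a Retefe/Dok-style TLS interception setup on macOS.

Added example (not from the page or the malware analyses it links):
  - proxy_findings()  : parses `networksetup -getautoproxyurl/-getwebproxy/
                         -getsecurewebproxy <service>` output
  - rootca_findings() : fingerprints PEM blocks printed by
                         `security find-certificate -a -p <keychain>`
  - run_live()        : shells out to the real tools on a Mac
The parsers run anywhere on the constructed sample text below.
"""
import base64
import hashlib
import re
import subprocess
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    service: str   # network service (e.g. "Wi-Fi") or keychain path
    kind: str      # "autoproxy" | "webproxy" | "securewebproxy" | "rootca"
    target: str    # PAC URL, host:port, or certificate SHA-256


def parse_kv(text: str) -> dict:
    """Turn the 'Key: value' lines networksetup prints into a dict."""
    out = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            out[key.strip()] = value.strip()
    return out


def proxy_findings(service: str, outputs: dict, allowed: frozenset = frozenset()) -> list:
    """outputs maps kind -> raw networksetup text for that service.
    Any enabled proxy whose target is not on the allow-list is reported."""
    findings = []
    for kind, text in outputs.items():
        kv = parse_kv(text)
        if kv.get("Enabled") != "Yes":
            continue
        if kind == "autoproxy":
            target = kv.get("URL", "")
            if target in ("", "(null)"):
                continue
        else:
            target = f"{kv.get('Server', '')}:{kv.get('Port', '')}"
        if target not in allowed:
            findings.append(Finding(service, kind, target))
    return findings


PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def cert_fingerprints(pem_text: str) -> list:
    """SHA-256 over the DER of every PEM block (no ASN.1 parsing needed)."""
    fps = []
    for blob in PEM_RE.findall(pem_text):
        der = base64.b64decode("".join(blob.split()))
        fps.append(hashlib.sha256(der).hexdigest())
    return fps


def rootca_findings(pem_text: str, baseline: frozenset, keychain: str = "/Library/Keychains/System.keychain") -> list:
    """Every certificate whose fingerprint is not in the operator's baseline."""
    return [Finding(keychain, "rootca", fp) for fp in cert_fingerprints(pem_text) if fp not in baseline]


def run_live(allowed: frozenset = frozenset(), baseline: frozenset = frozenset()) -> list:
    """Collect real settings on a Mac; the first line of -listallnetworkservices
    is a legend and a leading '*' marks a disabled service."""
    def sh(*args):
        return subprocess.run(args, capture_output=True, text=True, check=True).stdout
    flags = {"autoproxy": "-getautoproxyurl", "webproxy": "-getwebproxy", "securewebproxy": "-getsecurewebproxy"}
    findings = []
    for svc in sh("networksetup", "-listallnetworkservices").splitlines()[1:]:
        svc = svc.lstrip("*")
        findings += proxy_findings(svc, {k: sh("networksetup", f, svc) for k, f in flags.items()}, allowed)
    findings += rootca_findings(sh("security", "find-certificate", "-a", "-p", "/Library/Keychains/System.keychain"), baseline)
    return findings


# Constructed sample text in networksetup's format; URL and port are placeholders, not real IOCs.
SAMPLE_CLEAN = {
    "autoproxy": "URL: (null)\nEnabled: No\n",
    "webproxy": "Enabled: No\nServer: \nPort: 0\nAuthenticated Proxy Enabled: 0\n",
    "securewebproxy": "Enabled: No\nServer: \nPort: 0\nAuthenticated Proxy Enabled: 0\n",
}
SAMPLE_INFECTED = {
    "autoproxy": "URL: http://127.0.0.1:5555/proxy.pac\nEnabled: Yes\n",
    "webproxy": "Enabled: No\nServer: \nPort: 0\nAuthenticated Proxy Enabled: 0\n",
    "securewebproxy": "Enabled: Yes\nServer: 127.0.0.1\nPort: 5555\nAuthenticated Proxy Enabled: 0\n",
}
# Placeholder PEM block (not a real certificate) so the fingerprint path runs offline.
FAKE_PEM = ("-----BEGIN CERTIFICATE-----\n"
            + base64.b64encode(b"not-a-real-certificate").decode()
            + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for f in proxy_findings("Wi-Fi", SAMPLE_INFECTED) + rootca_findings(FAKE_PEM, frozenset()):
        print(f"[!] {f.service}: {f.kind} -> {f.target}")
```

A clean host yields no findings; one with an enabled PAC URL or secure-web proxy yields one finding per enabled setting, and the keychain check reports every CA not in the baseline captured from a known-good machine (the baseline and allow-list are assumptions the operator fills in, since corporate PAC files and proxies are legitimate).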
Names
Name |
---|
Retefe |
Dok |
Tsukuba |
Werdlod |
Category
Malware
Type
- Tunneling
Information
- https://blog.checkpoint.com/2017/04/27/osx-malware-catching-wants-read-https-traffic/
- https://www.govcert.admin.ch/blog/33/the-retefe-saga
- http://www.brycampbell.co.uk/new-blog/2017/4/30/retefe-and-osxdok-one-and-the-same
- https://blog.checkpoint.com/2017/07/13/osxdok-refuses-go-away-money/
- https://www.proofpoint.com/us/threat-insight/post/retefe-banking-trojan-leverages-eternalblue-exploit-swiss-campaigns
- https://blog.avast.com/the-evolution-of-the-retefe-banking-trojan
- https://threatpost.com/eternalblue-exploit-used-in-retefe-banking-trojan-campaign/128103/
- https://github.com/cocaman/retefe
- https://www.govcert.admin.ch/blog/35/reversing-retefe
- https://researchcenter.paloaltonetworks.com/2015/08/retefe-banking-trojan-targets-sweden-switzerland-and-japan/
- https://github.com/Tomasuh/retefe-unpacker
- https://securityintelligence.com/news/retefe-banking-trojan-returns-with-smoke-loader-as-its-intermediate-loader/
Mitre Attack
Malpedia
- https://malpedia.caad.fkie.fraunhofer.de/details/osx.retefe
- https://malpedia.caad.fkie.fraunhofer.de/details/win.retefe
Alienvault Otx
Other Information
Uuid
7816abd3-afe2-413c-a0f8-5c080d92ed82
Last Card Change
2022-12-30