RocketMan

Description

(Kaspersky) We call this Trojan RocketMan after the string the developer uses for beaconing. Another string inside this malware is “TrumpTower”, used as an RC4 encryption initial vector.

This malware reads the C2 IP and port from the registry where it was saved by the previous stager. It processes the following commands from its C2 that are received encrypted over HTTP:

Names

Name
RocketMan

Type

Backdoor

Information

https://securelist.com/turla-renews-its-arsenal-with-topinambour/91687/

Other Information

Uuid

64c28fe2-1597-4b3a-b877-818e2687cd67

Last Card Change

2020-04-20

Threat Intelligence Garden

Explorer

RocketMan

RocketMan

Description

Names

Category

Type

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks