RotBot

Description

(Talos) RotBot, the QuasarRAT client variant, performs several detection-evasion checks on the victim machine during its initial execution phase and conducts system reconnaissance. RotBot then connects to a host on a legitimate domain, likely controlled by the threat actor, and downloads the configuration file that RotBot uses to connect to the C2. CoralRaider uses a Telegram bot as the C2 channel in this campaign.

Names

Name
RotBot

Category

Malware

Type

  • Reconnaissance
  • Backdoor
  • Keylogger
  • Credential stealer
  • Info stealer
  • Exfiltration
  • Tunneling

Information

Other Information

Uuid

91ca3e5f-03e7-47da-bf4b-b1d8832ae694

Last Card Change

2024-06-18