Remote Access Trojan

Rekoobe

First seen: 2015 • Status: active

Currently Active Threat

Rekoobe is a hidden door into Linux servers that spies use to secretly access victim networks.

Overview

Rekoobe is a Linux backdoor used in APT campaigns targeting Asian organizations. It masquerades as a legitimate service and uses encrypted communications.

Also Known As

Rebook

How It Spreads

  • Targeted exploitation
  • Spear phishing
  • Supply chain compromise

What It Does

  • Backdoor access
  • Command execution
  • File operations
  • Encrypted C2

Target Platforms

Linux

Detection Tips

  • Monitor for suspicious service masquerading
  • Check for encrypted outbound traffic
  • Analyze unusual process behavior
  • Review service configurations

MITRE ATT&CK Techniques

T1059, T1105, T1573, T1036

If You're Infected

  1. Identify and remove Rekoobe
  2. Investigate APT presence
  3. Reset compromised systems
  4. Engage threat intelligence team

Related Malware

PlugX, ShadowPad, Winnti
