APT / THREAT GROUP
Rekoobe
2
aliases
Last seen:Mar 17, 2026
Intelligence Profile
A Trojan for Linux intended to infect machines with the SPARC architecture and Intel x86, x86-64 computers. The Trojan’s configuration data is stored in a file encrypted with XOR algorithm.
Some versions have there configuration stored within the .data section using RC4 to encrypt the details.
Configuration options include C2 IP and Port, as well as defence evasion details for changing the process name.
Threat Analysis
Rekoobe is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
Intelligence Reports Mentioning Rekoobe
Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor
The Hacker News· Feb 27, 2026
External References
Quick Facts
TypeAPT / Threat Group
Aliases2
Also Known As
Rekoobeelf.rekoobe
External Intelligence
Malpedia: elf.rekoobeResearch Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.