APT / THREAT GROUP

Rekoobe

2 aliases
Last seen: Mar 17, 2026

Intelligence Profile

A Linux Trojan intended to infect machines with the SPARC architecture as well as Intel x86 and x86-64 computers. The Trojan's configuration data is stored in a file encrypted with an XOR algorithm.

Some versions have their configuration stored within the .data section, using RC4 to encrypt the details.

Configuration options include the C2 IP and port, as well as defence evasion details for changing the process name.

Threat Analysis

Rekoobe is a threat actor of known sophistication and undetermined national origin, engaged in cyber operations whose primary motivation and activity patterns are unknown.

Quick Facts

Type: APT / Threat Group
Aliases: 2

Also Known As

Rekoobe, elf.rekoobe

External Intelligence

Malpedia: elf.rekoobe

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.