Rectifyq📃Title: Noodle RAT: Reviewing the Backdoor Used by Chinese-Speaking Groups
📅Date: 2024-06-11
🔗References:
🔖Rectifyq Taxonomies:
- relevancy: 🔴 Highly Relevant
- category: ⚔Threat
- sub-category: malware-analysis
- target: broad-based
- MY-relevancy: relevant
- action-taken: diamond-model
🔖MISP Galaxies:
- producer= Trend-Micro
- malpedia=“Nood RAT”
- malpedia=“ANGRYREBEL”
- threat-actor= APT27
- threat-actor= Calypso
- target-information=“India”
- target-information=“Japan”
- target-information=“Malaysia”
- target-information=“Thailand”
- target-information=“Taiwan”
- mitre-attack-pattern=[]
MISP event uuid: dc2f7910-970e-4fcf-959c-3af92d852962
Indicator of Compromise (IoCs)
type,value,comment
md5, 4f5297c564c8f0064e7db65864198025, 'package of server-side of Noodle RAT for Linux v1.0.1'
md5, 025a32835eb8647147ed1bbf64c37fa5, 'Builder of Noodle RAT for Linux v1.0.1'
md5, 6728b74d5b30d2db8436f0c9f64684f1, 'Control Panel of Noodle RAT for Linux v1.0.1'
md5, cb131b05dc3e42fad5caeadccbee378b, 'Builder of Noodle RAT for Linux v1.0.2'
md5, ecac141c99e8cef83389203b862b24fd, 'Noodle RAT for Linux type 0x03A2'
md5, 67c8235ac0861c8622ac2ddb1f5c4a18, 'Noodle RAT for Linux type 0x03A2'
md5, c1eebf2d4f441226770276110d1e5cf2, 'Noodle RAT for Linux type 0x03A2'
md5, 0a35e06f53c17ab1c8e18e7e0c0821d8, 'Noodle RAT for Linux type 0x03A2'
md5, b42018c5fba4758ac46eb2c39344a020, 'Noodle RAT for Linux type 0x03A2'
md5, f9eece34b6574236f067fa1a1782cdc0, 'Noodle RAT for Linux type 0x03A2'
md5, 7d631e5b0c78805dd5d440cce788d25b, 'Noodle RAT for Linux type 0x03A2'
md5, 35743db3dc333245ef5b69100721ced9, 'Noodle RAT for Linux type 0x03A2'
md5, 7038782f110e67d001b2cf466e13e391, 'Noodle RAT for Linux type 0x03A2'
md5, 8457f71c6a5fe83bb513d1dfba99271a, 'Noodle RAT for Linux type 0x03A2'
md5, 905c2158fadfe31850766f010e149a0f, 'Noodle RAT for Linux type 0x03A2'
md5, 256a871f1f968650291eef92428ee9de, 'Noodle RAT for Linux type 0x23F8'
md5, f61a68097d5cf8cf74a9c97c33e5e626, 'Noodle RAT for Linux type 0x03A2'
md5, e8007e15550a69ad8fd60d06c6d36385, 'Noodle RAT for Linux type 0x03A2'
md5, 5c2ccc619d798792761ef68a395aae70, 'Noodle RAT for Linux type 0x23F8'
md5, b2082e3f5e6197d414a2462c5fb13baa, 'Noodle RAT for Linux type 0x23F8'
md5, af93633c61e209de7f9029deac21ff5a, 'Noodle RAT for Linux type 0x23F8'
md5, 3477735428e24922b3301eefc1063039, 'Noodle RAT for Linux type 0x23F8'
md5, fc85419f3b2afc89154700dd8cf37576, 'Noodle RAT for Linux type 0x23F8'
md5, d312073a10e8d1fede43cfd18c6f3517, 'Noodle RAT for Linux type 0x23F8'
md5, 5b380c95f25b76ccd55eb791c6558abe, 'Noodle RAT for Linux type 0x03A2'
md5, c440bd814be37fac669567131c4ba996, 'Noodle RAT for Linux type 0x03A2'
md5, 7d3ea628fce3146fccb722acc95544c4, 'Noodle RAT for Linux type 0x03A2'
md5, fc931bb1973782c4be015ef6e169edea, 'Noodle RAT for Linux type 0x23F8'
md5, a15ebd19cac42b0297858018da62b1be, 'Noodle RAT for Linux type 0x03A2'
md5, 4f3afdcfff8f7994b7d3d3fbaa6858b4, 'Noodle RAT for Linux type 0x23F8'
md5, 4961fcc2e3cc23c340aa0af9c4046131, 'Noodle RAT for Linux type 0x03A2'
md5, 6b1b7e89c6e566de97cadcf3323ae77f, 'Noodle RAT for Linux type 0x03A2'
md5, 1da6fd699c882bf8869f7d3cc1631589, 'Noodle RAT for Linux type 0x03A2'
md5, 10d18727af7e27d151a535f414ada48e, 'Noodle RAT for Linux type 0x03A2'
md5, c069dfb0fb72a5b27281122e6235fff2, 'Noodle RAT for Linux type 0x03A2'
md5, 0a987eb2301a54e485568774572df16d, 'Noodle RAT for Linux type 0x03A2'
md5, d070c32b8fffa9919164f66e01db7c1c, 'Noodle RAT for Linux type 0x03A2'
md5, a5b525b8e76cf78c0e5087d6e01f3825, 'Noodle RAT for Linux type 0x03A2'
md5, 2bd87810926c1cde5eca7763bf9713ad, 'Noodle RAT for Linux type 0x23F8'
md5, 68d06dc6e17f56cc2d9baf3a7b877a54, 'Noodle RAT for Linux type 0x03A2'
md5, 3141313bc5b70844ccc6a27b489a5854, 'Noodle RAT for Linux type 0x03A2'
md5, b4910e998cf58da452f8151b71c868cb, 'Noodle RAT for Linux type 0x03A2'
md5, 0ed2756943a137496e0bed7d6dbc6be4, 'Noodle RAT for Linux type 0x03A2'
md5, 035f83018cf96f5e1f6817ccd39fc0b6, 'Noodle RAT for Linux type 0x23F8'
md5, 163b0498e445979df78bad5b6bc2bbb9, 'Noodle RAT for Linux type 0x23F8'
md5, a73fb1a8c04b7767f0e7587a866440f7, 'Noodle RAT for Linux type 0x23F8'
md5, 5d2a08b3376eec11c6cee70daa287f1b, 'Noodle RAT for Linux type 0x03A2'
md5, 29459f059235825f2f70eef8811a249f, 'Noodle RAT for Linux type 0x03A2'
md5, 20f5d15c505603a544aaa72664d53f5e, 'Noodle RAT for Linux type 0x03A2'
sha256, cf543c6d4fb03ebc0a00a8ebe89511af713817878351a2bccfc62a1cc4ac0b3f, 'package of server-side of Noodle RAT for Linux v1.0.1'
sha256, cde4ca499282045eecd4fc15ac80a232294556a59b3c8c8a7a593e8333cfd3c7, 'Builder of Noodle RAT for Linux v1.0.1'
sha256, 479e3ef28d3c70b110ff993086e4518f4a5a6fb8285b530350ad2bcd6d0bb192, 'Control Panel of Noodle RAT for Linux v1.0.1'
sha256, 53338d643052bb2082f1370c21a21ff41ee1e6f43b3bd937519d7c9a491aeb13, 'Builder of Noodle RAT for Linux v1.0.2'
sha256, c49371cd8dd33f725a780ea179e6281f5cb7f42e84a00836c8fe3350b7b9b2d0, 'Noodle RAT for Linux type 0x03A2'
sha256, a8db92a8f34caa5084a3fdb8a683a1854bff84612dfd25a965bc12a454a38556, 'Noodle RAT for Linux type 0x03A2'
sha256, 678edc2ea9473b02a13e9fc7557f6c7172f0f00f4237e2da91a6766c53db1d3d, 'Noodle RAT for Linux type 0x03A2'
sha256, 275d63587f3ac511d7cca5ff85af2914e74d8b68edd5a7a8a1609426d5b7f6a9, 'Noodle RAT for Linux type 0x03A2'
sha256, 5cda94180b245de8421f226eb516d0aa1d3fd8167ebed4fa06070dd38344cec0, 'Noodle RAT for Linux type 0x03A2'
sha256, 61f34459815eb403ec841246a4277d825dcd25700baad867b61ec3166d034825, 'Noodle RAT for Linux type 0x03A2'
sha256, 67e60fca3d28dcae09b74ffd62f5efe462700b6d2b3334d519e4caac55820df0, 'Noodle RAT for Linux type 0x03A2'
sha256, 3bff2c5bfc24fc99d925126ec6beb95d395a85bc736a395aaf4719c301cbbfd4, 'Noodle RAT for Linux type 0x03A2'
sha256, 88b4904a582522d9a91fb4ad616adbd432c556b17427cfb177c8205f484792ba, 'Noodle RAT for Linux type 0x03A2'
sha256, bf5ea570bf4d18e60dd758a2461fbdf73a500dbd179e458aca81d65b5d9155e1, 'Noodle RAT for Linux type 0x03A2'
sha256, 7440a7b56d3670d4204a57974fa76ae76ca78168bb181640f565976d192cc159, 'Noodle RAT for Linux type 0x03A2'
sha256, 1e9add97a289de7f5679aceace7a3a39437a33254ac9c217d9a530e9369f60be, 'Noodle RAT for Linux type 0x23F8'
sha256, cac63e105d73d59c7f83779005ada0a4d3f7fb072cfc2c9590b64fe3896d2e3e, 'Noodle RAT for Linux type 0x03A2'
sha256, 5b4c421edb3571dbc7d581596a9ac952e453394b30132dec8e390ec561cd4abb, 'Noodle RAT for Linux type 0x03A2'
sha256, 3893f8a44a2d1fef45354984f3c6906ae8627c6f0c489f6f14e8da03197312ae, 'Noodle RAT for Linux type 0x23F8'
sha256, 0153c9e22428f08597fe87cb8bd6664f6481e05bbf4e3d4174f44d2524446bdb, 'Noodle RAT for Linux type 0x23F8'
sha256, c4fb9757ed6db6ab2bd4253cb8a1542a590443654260f2b947c288d5717487d6, 'Noodle RAT for Linux type 0x23F8'
sha256, 70b19172b743973a45f5d707d4eec4f8508d41aa684516f1fb8c75bec59d02bb, 'Noodle RAT for Linux type 0x23F8'
sha256, 96231be4cc6cf256eebd828af4338588272ea478c609a7f16a03bdf1a61dd431, 'Noodle RAT for Linux type 0x23F8'
sha256, bf553e82119e2483d36eff51cf152861938c584749ebc005d4d612876277b787, 'Noodle RAT for Linux type 0x23F8'
sha256, 7b07b722091d9658fe106448b6e1c6b7484d7b7d163ddeb19132174973b62759, 'Noodle RAT for Linux type 0x03A2'
sha256, b21f4039707eb4fc40ad1a7ed10be753ab3922c4a60bde819dcd74d44fef991d, 'Noodle RAT for Linux type 0x03A2'
sha256, 4c4d51b377faebf61f95663765e622eb652866ab9cc7e9964a5d02f4dc0b53d3, 'Noodle RAT for Linux type 0x03A2'
sha256, b24e160843d96c6d75452d6f4e379b73a417fc821b26ca85d740ca0a499615ab, 'Noodle RAT for Linux type 0x23F8'
sha256, e5fb5a3b8663fbb2686caf88fdb3362115dc0f0bf9cc5d32d1e42c00aa6660b4, 'Noodle RAT for Linux type 0x03A2'
sha256, d17d964cacb063a6fe685d6e5e7dbc02c597de51b46c994f0aadb56c3bf96f13, 'Noodle RAT for Linux type 0x23F8'
sha256, ba45dfa8e6b86140e526959c8568824ddd743d418231440d48740e76a33610ea, 'Noodle RAT for Linux type 0x03A2'
sha256, 1c2bbab6c496b66b108dc810649c19319655a2246f7fc6cf2a0911f5d73f2f3a, 'Noodle RAT for Linux type 0x03A2'
sha256, 14f9a20356fc0e1806524057e8366d994831e3568cf438694a5c4d5463c25010, 'Noodle RAT for Linux type 0x03A2'
sha256, 7e7bfe7e83867defa9280c8bce98cabcd0e6410cac7cc9a1baa88131b4a263b1, 'Noodle RAT for Linux type 0x03A2'
sha256, 45b3d192ed79541a9711c16c7d73bd4d0a74598ecb7b56416f8754fb5d6feb56, 'Noodle RAT for Linux type 0x03A2'
sha256, 53cebf50348e4507e92d23cfe3bbc87d6bf50e06962462d036542c37a50a23c1, 'Noodle RAT for Linux type 0x03A2'
sha256, a27d133f6a1bd72285f021403082dc8e47180fe56e88b274f474459088857603, 'Noodle RAT for Linux type 0x03A2'
sha256, 4198efb00840f440d96987518bd80dbc90cde3023bc8c2b0aae456af07875405, 'Noodle RAT for Linux type 0x03A2'
sha256, abdbbc10467421b93fe1df6da0de70a4d454adcced1bfc6c1cebf1207fba93db, 'Noodle RAT for Linux type 0x23F8'
sha256, bcac1d42c39932fb20f571655cd1bbe507c3fddda63d4f0ea8986a3dd5265f41, 'Noodle RAT for Linux type 0x03A2'
sha256, 68389b48c6f15b6da7f2d78c0864d6b9b9135f6ace3564d29b26f5dc9b5d6313, 'Noodle RAT for Linux type 0x03A2'
sha256, bf1b88385aebb37182421e967749f057fbefb4e4386bb47b5098abac7c70c476, 'Noodle RAT for Linux type 0x03A2'
sha256, 1a9ff06ac18f57a6382fdae54bf8735a6ad7d9c9f1f9aa0dfff0e3e828f1820b, 'Noodle RAT for Linux type 0x03A2'
sha256, 15f3536ac33588444cf6a632f17c74ee0ee8777d0d2166206222b4d5f66de715, 'Noodle RAT for Linux type 0x23F8'
sha256, ca2200ef6ce1abc37e5778b40e9b14031b81014560dae9c6a16fd7ba948c7656, 'Noodle RAT for Linux type 0x23F8'
sha256, bbcfc826f614433ff1b7c8031349cf5b411d868b07259eca9c19cd5af772b85e, 'Noodle RAT for Linux type 0x23F8'
sha256, 6933a01980378c2160740e5cecaba29530555e3d65bd89ef80db49419a419f8d, 'Noodle RAT for Linux type 0x03A2'
sha256, 5dac572374cb40561ea5dbc0dfc963d863f08862a0bd33fdac6ac8d0aa180ada, 'Noodle RAT for Linux type 0x03A2'
sha256, 24a827336a1f942925fd57e763109e3a83b1a5762c077c1e80bd057bb1b15bad, 'Noodle RAT for Linux type 0x03A2'
Full IOCs available in Rectifyq’s MISP