📃Title: Noodle RAT: Reviewing the Backdoor Used by Chinese-Speaking Groups
📅Date: 2024-06-11
🔗References:



🔖Rectifyq Taxonomies:
- relevancy: 🔴 Highly Relevant
- category: ⚔Threat
- sub-category: malware-analysis
- target: broad-based
- MY-relevancy: relevant
- action-taken: diamond-model
🔖MISP Galaxies:
- producer Trend-Micro
- malpedia=“Nood RAT”
- malpedia=“ANGRYREBEL”
- threat-actor APT27
- threat-actor Calypso
- target-information=“India”
- target-information=“Japan”
- target-information=“Malaysia”
- target-information=“Thailand”
- target-information=“Taiwan”
- mitre-attack-pattern=[]
MISP event uuid: dc2f7910-970e-4fcf-959c-3af92d852962
Indicators of Compromise (IoCs)
Full IOCs available in Rectifyq's MISP