← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Analysis of Nood RAT Used in Attacks Against Linux (Gh0st RAT&'s Variant) - ASEC BLOG
WHITE CyberHunter_NL 2024-02-26 Modified: 2024-03-27
50
IOCs
MEDIUM VOLUME
Nood RAT is a variant of the Gh0st remote control malware developed by the C. Rufus Security Team of China, which has been used in a number of vulnerability attacks.
nood ratgh0st ratlinuxc serverkey typerc4 algorithmrc4 keyasecnoodmssqlcloud snooperkoreanrockepathformatdategh0stoverview gh0stlinux nood
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Overview Gh0st Cloud Snooper Linux Nood Nood RAT Linux Gh0st Nood
Indicators of Compromise (7 / 50 total)
All CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 14fd16e6465b74c5ac4dc895f4c15bccb447af31 SHA1 of 0a35e06f53c17ab1c8e18e7e0c0821d8 2024-02-26
FileHash-SHA1 1afd03b91e73db0de7685af473530503bc9257ff SHA1 of b4910e998cf58da452f8151b71c868cb 2024-02-26
FileHash-SHA1 49c4aa2812535884bd9d3a564e7656dec150933a SHA1 of d9f00f71efabdfcca7c63d4b0805673c 2024-02-26
FileHash-SHA1 4d4bc836641840ad8b0873b07d31ce38732c4a28 SHA1 of 905c2158fadfe31850766f010e149a0f 2024-02-26
FileHash-SHA1 4fe8efef8c2e7cc3bafee19da8b223daae2242a1 SHA1 of 97db3f7676380f0baa3840ed5d5c1767 2024-02-26
FileHash-SHA1 71449bdde94afd1fe10ad68743ceba67f0975f84 SHA1 of 75838e5d481da40db2e235a6d5a222ef 2024-02-26
FileHash-SHA1 fa681933eccc1b3cae4cce6ab6f16db08c2f2a87 SHA1 of 35743db3dc333245ef5b69100721ced9 2024-02-26
References (1)
↗ https://asec.ahnlab.com/en/62144/