Pulse Detail — Threat Intelligence

PULSE NAME

Rekoobe Backdoor Discovered in Open Directory, Possibly Targeting TradingView Users

WHITE ChrisTan0 2024-10-31 Modified: 2024-11-30

134

IOCs

HIGH VOLUME

A security researcher discovered an open directory hosting malware that could have been used to target TradingView users, as well as other cyber espionage and data theft campaigns.. . the BBC News website

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1027 T1102 T1083 T1080 T1036 T1134 T1021 T1003 T1041 T1059 T1071 T1082 T1105 T1140 T1203 T1486 T1566

MALWARE FAMILIES

Noodle Rekoobe

Indicators of Compromise (6 / 134 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname CVE

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	1c1b816049d66dbb9cc031b760cba438	MD5 of 28382231cbfe3bf7827c1a874b3d7f18717020ced516b747a2a1bb7598eabe0b	2024-10-31
FileHash-MD5	1125f2302b70b848aa4fac0f8e78a854	MD5 of cd39bec789b79d9ea6a642ab2ddc93121f5596de21e3b13c335ceaddb83f2083	2024-10-31
FileHash-MD5	7bdbd180c081fa63ca94f9c22c457376	MD5 of a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91	2024-10-31
FileHash-MD5	8c69830a50fb85d8a794fa46643493b2	MD5 of c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0	2024-10-31
FileHash-MD5	9375cff0413111d3b88a00104b2a6676	—	2024-10-31
FileHash-MD5	bbcf7a68f4164a9f5f5cb2d9f30d9790	—	2024-10-31

References (2)

↗ https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users#Conclusion ↗ https://cyble.com/blog/strela-stealer-targets-europe-stealthily-via-webdav/