← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Rekoobe Backdoor Discovered in Open Directory, Possibly Targeting TradingView Users
WHITE ChrisTan0 2024-10-31 Modified: 2024-11-30
134
IOCs
HIGH VOLUME
A security researcher discovered an open directory hosting malware that could have been used to target TradingView users, as well as other cyber espionage and data theft campaigns.. . the BBC News website
open directoryrekoobediscoveredstrongtradingviewip addressfigurehuntctg serverwarmlightcodemalwareaugustpythonnoodlestrela stealerzip filejavascript filewebdav serverdll filespaincommandjavascript codec servergermanypowershellwebdavaprilnextphishing
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Noodle Rekoobe
Indicators of Compromise (5 / 134 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname CVE
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 53abbdd515a31b32095a116fb7db702ddb487ccd SHA1 of 28382231cbfe3bf7827c1a874b3d7f18717020ced516b747a2a1bb7598eabe0b 2024-10-31
FileHash-SHA1 a6ae96bd91e2f40409a2fbc44a0f48e3eb53ff33 SHA1 of cd39bec789b79d9ea6a642ab2ddc93121f5596de21e3b13c335ceaddb83f2083 2024-10-31
FileHash-SHA1 a90f871f87f0ba08b84a720ded3466ebf667af5e SHA1 of bbcf7a68f4164a9f5f5cb2d9f30d9790 2024-10-31
FileHash-SHA1 bcfac98117d9a52a3196a7bd041b49d5ff0cfb8c SHA1 of a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91 2024-10-31
FileHash-SHA1 e6d06bb9afaeb8aa80e62e76a26c7cffd14497f6 SHA1 of c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0 2024-10-31
References (2)
↗ https://hunt.io/blog/rekoobe-backdoor-discovered-in-open-directory-possibly-targeting-tradingview-users#Conclusion ↗ https://cyble.com/blog/strela-stealer-targets-europe-stealthily-via-webdav/