# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: noodlerat

# Reference: https://intezer.com/blog-linux-rekoobe-operating-with-new-undetected-malware-samples
# Reference: https://otx.alienvault.com/pulse/5e25cfbcd7e22ce9b7d4ea71

huawel.site
7xin.bitscan.win

# Reference: https://twitter.com/r3dbU7z/status/1569027881715523585
# Reference: https://www.virustotal.com/gui/file/92efa48191c1bb2e925d29220e38acfda0f014ff7e5486a04f12e87eab708887/detection
# Reference: https://elfdigest.com/brief/92efa48191c1bb2e925d29220e38acfda0f014ff7e5486a04f12e87eab708887

43.140.251.218:8080

# Reference: https://www.virustotal.com/gui/file/50b73742726b0b7e00856e288e758412c74371ea2f0eaf75b957d73dfb396fd7/detection

45.32.106.94:443

# Reference: https://twitter.com/BaoshengbinCumt/status/1747190760917930074
# Reference: https://www.virustotal.com/gui/file/bf1b88385aebb37182421e967749f057fbefb4e4386bb47b5098abac7c70c476/detection
# Reference: https://www.virustotal.com/gui/file/ada011bd870ea06c381651c319f22030cc0f0360b3270d0d709a44049b394cc5/detection

http://103.140.186.42
kkuac.org
niupilao.vip
b.niupilao.vip
vip.niupilao.vip
hadecon.com.vn/pki.rar

# Reference: https://x.com/banthisguy9349/status/1795416436602450049

/03-23-x64.bin

# Reference: https://www.trendmicro.com/en_no/research/24/f/noodle-rat-reviewing-the-new-backdoor-used-by-chinese-speaking-g.html
# Reference: https://www.virustotal.com/gui/file/2a9636c108b33d32231f53cb7d06c51b4f5b0f64a5100c37b87a84fef9ffd1d3/detection
# Reference: https://www.virustotal.com/gui/file/22e3b2dd513930ff35c03abb6d0818391b072d595a97d192751d0ff79dc43103/detection
# Reference: https://www.virustotal.com/gui/file/2bc26a4f1156d6a115a78a65f554105d8621dbc31440b90caf489ca9cb24b694/detection
# Reference: https://www.virustotal.com/gui/file/5cda94180b245de8421f226eb516d0aa1d3fd8167ebed4fa06070dd38344cec0/detection

40.74.77.165:443
40.74.77.165:8080
40.74.77.165:81

# Reference: https://x.com/naumovax/status/1803788216924877090
# Reference: https://tria.ge/240408-nqp8bsgb46/

http://195.123.228.73
103.41.106.131:8080
103.60.148.186:10021
202.61.85.80:12345

# Reference: https://x.com/malwrhunterteam/status/1831765106533003400
# Reference: https://www.virustotal.com/gui/file/430b75daecc412e3d7c9fc66428a440e64fddd4e66a99a78842ca743eb4ee17e/detection
# Reference: https://www.virustotal.com/gui/file/4e2efb5dddc21dcb40fde667ae2b960148ac9ec7e55c4034bc49f401133685a7/detection

16.163.146.131:44568

# Reference: https://x.com/malwrhunterteam/status/1837458772794470726
# Reference: https://www.virustotal.com/gui/file/0b3f1982d1f460f59fce8dd77c860b2cc9df18758523b7cbe13b8844275c996d/detection
# Reference: https://www.virustotal.com/gui/file/00ec7c7fa996162c18dacd72ee5b1a73c93e08ed530a6793be9e547b4948bf96/detection

107.172.214.214:30012
107.172.214.214:44401
