{
	"id": "5ebaa5de-6a41-4e97-bf58-d8268797f2d9",
	"created_at": "2026-04-06T00:16:23.612804Z",
	"updated_at": "2026-04-10T03:35:10.764948Z",
	"deleted_at": null,
	"sha1_hash": "65aaa1d8d2458c325330efa5bedf63d1d372f3c7",
	"title": "https://documents.trendmicro.com/assets/txt/earth-berberoka-linux-iocs-2.txt",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 35835,
	"plain_text": "https://documents.trendmicro.com/assets/txt/earth-berberoka-linux-iocs-2.txt\r\nArchived: 2026-04-05 14:22:21 UTC\r\nLinux Platform\r\nSHA-256\r\n003f4431743b69894b5d7988e53a37a7bad0b9cfe4248153e477b572af081786 - Backdoor.Linux.HELLOBOT.B\r\n0f67c729100cb4872d56830ef5907448eddb9a34dac14f8ff62aece5d947c0a0 - Backdoor.Linux.HELLOBOT.B\r\n11edea24abac633b9e7b8aae0965cd9cb56834a32d73d8bfe4fd1c009755f640 - Backdoor.Linux.HELLOBOT.B\r\n18698365a4ba96d1a918f61b988291fc9eed80615518a72826b0bb92c6c90a06\r\n1901008555ebe8cbd511f9e9dac40d59286556a46a372532bc124cfe231d9689 - Backdoor.Linux.HELLOBOT.B\r\n2dd033d67ebed75bc5a2de24835bfd2440df98e4f3dc946b385cad6992e1aafe - Backdoor.Linux.HELLOBOT.B\r\n466bfc2f13ca97dc805f6d48d28a8a1b96d250f919b3e9cc8d55b88bf24c3ecc - Backdoor.Linux.HELLOBOT.B\r\n51371a402a13a4cdff55c79d52f2e560c46ca72ce7b4edf9ae55a721448a4512 - Backdoor.Linux.HELLOBOT.B\r\n575d44db142d2ef2e280ecfafeacd4eb9e6562102426032080584e769086d774 - Backdoor.Linux.HELLOBOT.B\r\n5bf94e591b100f7006d10197008675f3db3862e8bbef6e88107063cb6c858122 - Backdoor.Linux.HELLOBOT.B\r\n68196d13e1e5e900eb6cffdbf5517c564905440fe76b0197ff44a505b4f48c13 - Backdoor.Linux.HELLOBOT.B\r\n69fa10bf283474ca53295e0a7eff2fc07373092c1031581b748dce8aef7b6aea - Backdoor.Linux.HELLOBOT.B\r\n6cc526fb8cd43f38011b46a2c0aea9905bd1ba554d2c4df950b370a95d0eda8d - Backdoor.Linux.HELLOBOT.B\r\n70c3fd8ac880ffab91db3c81456639f226cf9a7ec8a851ad72406d7ddcc629d9 - Backdoor.Linux.HELLOBOT.B\r\n778ee62d1df9f7bf5183e1d2f95ec4036bf5be80074ca333f4d4e85bee937c1c - Backdoor.Linux.HELLOBOT.B\r\n79b8b383c848bbf940111eca00ddc47a0e8e9ac74ac006077cecb925a971d618 - Backdoor.Linux.HELLOBOT.B\r\n79efad9e9b272a2cea0d328a881c7f6a1933b41a7d1468549dfc60c83a31037f - Backdoor.Linux.HELLOBOT.B\r\n8388c17ce29399175c60bf689358e033eb03a696007e5856725bd0c205629436 - Backdoor.Linux.HELLOBOT.B\r\n951c97fa34c0f84d85ab7b9879860444f57e58d685156abe3d2a9a2f502fae7d - Backdoor.Linux.HELLOBOT.B\r\n960459363583458fa220540eb84cb73af157b03f835b4bf34b986ee4c3afe704 - Trojan.Linux.XNOTE.A\r\n9f40d4d53222e229a58c20473abaef7c0648c19fd0f13eb0f9ec841ed18f6ff3 - Trojan.Linux.XNOTE.A\r\na5047dfc3e89935b982c4b5df91b56ae5e9d0bb557f84ef791352e54ab0077c2 - Trojan.Linux.XNOTE.A\r\na7776eb4512d08e594854215aead32c4480091a7ca14870b793c290f1e36cfdb - Trojan.Linux.XNOTE.A\r\nb26ec8e98e05dc54779c1c91a9cf31aa40d757569074346548facdddd79c02fb - Trojan.Linux.XNOTE.A\r\nb33fb600d46309bafd31d3b056bbba816f5bac0f1024e774530f6c4320d3c5c2 - Trojan.Linux.XNOTE.A\r\nbc7e80232e28c680a585c3cc1125fb10862d338e5a4b94cdfdfb954df451621d - Trojan.Unix.TOBOXHELL.A\r\nc718d73ffbc182c2799f3999326486c93cd59d1e04b9676edf955a1324522a2c - Trojan.Unix.TOBOXHELL.A\r\nca23b21cfd1fff75c3acec4c74020cfe013393983b997b3a7178f2e969b4a7bf - Trojan.Linux.PATPOOTY.AA\r\nd890db7136f72fa367aff0d1550f04034232a2fa3d97bae3a6516e3d5dcad056 - Trojan.Linux.PATPOOTY.AA\r\ne74632e3f010bce10de73b34f4dee68054207d7b12b1a0cf1820ce833e1b5991 - Trojan.Linux.PATPOOTY.AA\r\neadd6ea80e727f78e91093097b4297a88a59100fcc19299b5ce4b5280db27cdc - Trojan.Linux.PATPOOTY.AA\r\nebb8985880e911db8a498e20a269a00c07dbcfde2d077e88fe4b9d78a4deed7e - Trojan.Linux.PATPOOTY.AA\r\nec42e1562fab95d0fbc86b3980cc392e368b50a4a150a2258d4293e4de1bc730 - Trojan.Linux.PATPOOTY.AA\r\nf646eb1685da341ccb3c1d5e4a14ae93f3271a84232708ee7234b44d4a834251 - Trojan.Linux.PATPOOTY.AA\r\nfb5434ff3030214c672226c52bc6883bf55c3129a5ee9b78ef5b2c773f8a1101 - Trojan.Linux.PATPOOTY.AA\r\nhttps://documents.trendmicro.com/assets/txt/earth-berberoka-linux-iocs-2.txt\r\nPage 1 of 2\n\nfd0f0841c8502dc03689ebb64dd9764e3772fc91400d1d2c9e81530bf5ad0b0f - Trojan.Linux.REKOOBE.A\r\n---------------------------------------------\r\nIn-the-wild URLs\r\nhttp://42[.]200.181.116/java\r\nhttp://d[.]github.wiki/dust/amazon-hk\r\n---------------------------------------------\r\nC\u0026C\r\n1.googie[.]ph:10050\r\n1.googie[.]ph:1723\r\n1.googie[.]ph:443\r\n139[.]5.202[.]82:443\r\n2.googie[.]ph:1723\r\n2.googie[.]ph:443\r\n3.googie[.]ph:5432\r\nbos.github[.]wiki:443\r\ndarknet.rootkit[.]tools:8443\r\ndust.github[.]wiki\r\ngb.googie[.]ph:443\r\nhkdust[.]github.wiki\r\nlinux[.]daj8.me:80\r\nlinux[.]shopingchina.net:80\r\nlinux[.]wy01.com:443\r\nlinux[.]wy01.vip\r\nlinux1[.]shopingchina.net:80\r\nrootkit[.]tools\r\nrootkit[.]tools:443\r\nyabo[.]googie.ph:443\r\nSource: https://documents.trendmicro.com/assets/txt/earth-berberoka-linux-iocs-2.txt\r\nhttps://documents.trendmicro.com/assets/txt/earth-berberoka-linux-iocs-2.txt\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"references": [
		"https://documents.trendmicro.com/assets/txt/earth-berberoka-linux-iocs-2.txt"
	],
	"report_names": [
		"earth-berberoka-linux-iocs-2.txt"
	],
	"threat_actors": [
		{
			"id": "452d2d74-e812-45d6-b0fe-b8a6cc4ebd01",
			"created_at": "2022-10-25T16:07:23.562676Z",
			"updated_at": "2026-04-10T02:00:04.662064Z",
			"deleted_at": null,
			"main_name": "Earth Berberoka",
			"aliases": [
				"GamblingPuppet"
			],
			"source_name": "ETDA:Earth Berberoka",
			"tools": [
				"Agent.dhwf",
				"AngryRebel",
				"AsyncRAT",
				"CinaRAT",
				"Destroy RAT",
				"DestroyRAT",
				"Farfli",
				"Gh0st RAT",
				"Ghost RAT",
				"Kaba",
				"Korplug",
				"Moudour",
				"Mydoor",
				"PCRat",
				"PlugX",
				"PuppetLoader",
				"Quasar RAT",
				"QuasarRAT",
				"RedDelta",
				"Sogu",
				"TIGERPLUG",
				"TVT",
				"Thoper",
				"Trochilus RAT",
				"Xamtrav",
				"Yggdrasil",
				"oRAT"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "2664d6f5-f918-4978-87f8-f6afad7402c6",
			"created_at": "2023-01-06T13:46:39.393669Z",
			"updated_at": "2026-04-10T02:00:03.312065Z",
			"deleted_at": null,
			"main_name": "Earth Berberoka",
			"aliases": [
				"GamblingPuppet"
			],
			"source_name": "MISPGALAXY:Earth Berberoka",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434583,
	"ts_updated_at": 1775792110,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/65aaa1d8d2458c325330efa5bedf63d1d372f3c7.pdf",
		"text": "https://archive.orkl.eu/65aaa1d8d2458c325330efa5bedf63d1d372f3c7.txt",
		"img": "https://archive.orkl.eu/65aaa1d8d2458c325330efa5bedf63d1d372f3c7.jpg"
	}
}