{
  "name": "Noodlophile Stealer Evolves: Targeted Copyright Phishing Hits Enterprises with Social Media Footprints",
  "slug": "noodlophile-stealer-evolves-targeted-copyright-phishing-hits-enterprises-with-social-media-footprints",
  "description": "The Noodlophile Stealer, first detailed in our previous analysis (New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms), has evolved into a highly targeted threat exploiting enterprises with significant Facebook footprints.",
  "published": "2025-08-19T19:53:36+00:00",
  "created_at": "2025-08-19T19:53:36+00:00",
  "modified_at": "2025-08-19T20:20:59+00:00",
  "created_at_opencti": "2025-08-19T19:53:36+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-08-19",
    "ai video",
    "dll sideloading",
    "facebook",
    "morphisec",
    "new noodlophile",
    "noodlophile",
    "persistence",
    "python",
    "select",
    "spear",
    "telegram",
    "web data"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "196.251.84.144"
      },
      {
        "id": "",
        "name": "15.235.172.219"
      },
      {
        "id": "",
        "name": "160.25.232.62"
      },
      {
        "id": "",
        "name": "http://196.251.84.144/suc/zk2.txt"
      },
      {
        "id": "",
        "name": "http://196.251.84.144/suc/And_st.txt"
      },
      {
        "id": "",
        "name": "http://160.25.232.62/vmeo/getlink?id=bee02h"
      },
      {
        "id": "",
        "name": "http://160.25.232.62/bee/BEE02_H.txt"
      },
      {
        "id": "",
        "name": "http://15.235.172.219/vmeo/link/dcaathur.txt"
      },
      {
        "id": "",
        "name": "http://15.235.172.219/vmeo/getlink?id=dcaathur"
      },
      {
        "id": "",
        "name": "fac94a650cd57b9e8da397816fa8ddd3217dd568eaba1e46909640cbf2f0a29c"
      },
      {
        "id": "",
        "name": "d0b0551e8988a9f81b80933ec68efabb47cd12acaeffa79c42564863424a376e"
      },
      {
        "id": "",
        "name": "ce69fa159fb53c9a7375ef66153d94480c9a284e373ce8bf22953268f21b2eb2"
      },
      {
        "id": "",
        "name": "c213a15add88e8c1cbb06fc4690c02046fa74027848bcb97c7d961ffc21155c6"
      },
      {
        "id": "",
        "name": "b3aa210a51e19dd003d35721a18b7fb5c0741dce01dd7725ff610de4adf0a8f2"
      },
      {
        "id": "",
        "name": "af2dfa1fcd055aaf0c818f49c7c4f4370629ac6eecadbcd532a1149a7e01ec11"
      },
      {
        "id": "",
        "name": "a05cf0002a135ade9771a1aa48109cc8aa104e7afa1c56af998f9aba2a1e3f05"
      },
      {
        "id": "",
        "name": "a6647dd104487deb71674c64d8a2b03843cd3d32ee2c9a63cc3ea506d8b00552"
      },
      {
        "id": "",
        "name": "9f2205e06231cf53824421aa09e6a43d5a9c5513618e08e4eaacfd94b91c5e61"
      },
      {
        "id": "",
        "name": "95d964efc32dd04b5ae05bfc251ce470e8c418398efc97697f41807f33e7390d"
      },
      {
        "id": "",
        "name": "844c2ee464ef5cdc79c2de52eb544c55e1f9bf7ded2c2f0e44bed263f04daa42"
      },
      {
        "id": "",
        "name": "69d6582d7550817f792f3287fa91788e7b9252b63d81a380a5e1ca9aa0629150"
      },
      {
        "id": "",
        "name": "693789e4b9fb280fa32541e9a548b7fefd98775b8f075e370464db3764bb15b9"
      },
      {
        "id": "",
        "name": "707223112e8ced786e7d1ed43224e73606b3e2efec615bb3a22fe8cc11d3bb54"
      },
      {
        "id": "",
        "name": "5ad456333451fcbd69977a62d4728b1fc8b5bdebee763d2b6725226078daeaf8"
      },
      {
        "id": "",
        "name": "3c3cee4579e78c9d39b96804815c71c7a2de17951e08d703197c9c7ed20ab9f3"
      },
      {
        "id": "",
        "name": "320555e241025b8427e1a3ccfc62f0c5a2347cfd86d29f33709192e2e9cbbac2"
      },
      {
        "id": "",
        "name": "2e610c97e5bae10966811b78fc9e700117123b6a12953bf819ced9b25eb9a507"
      },
      {
        "id": "",
        "name": "0ba36c80167919a98cffc002cf6819d3f5e117207e901aebd13e3ea54387e51f"
      }
    ],
    "malware": [
      {
        "id": "5f037ebe-256b-4b0c-82d8-e20a7598d928",
        "name": "Noodlophile",
        "slug": "noodlophile"
      }
    ],
    "attack_patterns": [
      {
        "id": "b63bc0df-8e11-42ed-a9a9-13e19b148dbf",
        "name": "T1073"
      },
      {
        "id": "df7b69c8-916a-4f71-a053-b1a5684439db",
        "name": "T1503"
      },
      {
        "id": "c3af9fd7-d307-4df4-9220-cc627938fb85",
        "name": "T1055"
      },
      {
        "id": "d9b45b3b-d093-4016-89e9-48f31ff4d05d",
        "name": "T1566"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ]
  },
  "external_refs": [
    "https://www.morphisec.com/blog/noodlophile-stealer-evolves-targeted-copyright-phishing-hits-enterprises-with-social-media-footprints/",
    "https://otx.alienvault.com/pulse/68a4f2609ccc8bd3337dfda6"
  ]
}