DinodasRAT

Malware Profile Updated 2 days ago
DinodasRAT is a novel malware variant that has been causing significant disruption worldwide, particularly targeting Linux users. It first came to light during a cyber-espionage campaign against a governmental entity in Guyana, which was discovered in February 2023. The campaign used phishing emails related to Guyanese politics; the emails contained links that, when clicked, triggered the download of a ZIP file containing DinodasRAT from a compromised Vietnamese government website. The malware takes its name from the string "Din" at the beginning of each victim identifier it sends to the attackers, which resembles the name of the hobbit Dinodas Brandybuck from The Lord of the Rings.

Once inside a system, DinodasRAT exhibits sophisticated behavior, moving laterally through the internal network. According to an analysis by ESET, it has been used to exfiltrate files, manipulate Windows registry keys, and execute commands. To conceal its activity, DinodasRAT uses the Tiny Encryption Algorithm (TEA) to encrypt its communications and data theft operations. Each sample of this cross-platform backdoor embeds a string containing the malware's internal version, further demonstrating its advanced design.

The threat posed by DinodasRAT extends beyond Guyana. In October 2023, suspected Chinese hackers were reported to have launched a cyberespionage campaign involving DinodasRAT and another backdoor known as Korplug, targeting multiple government agencies in Guyana. These campaigns are linked to Mustang Panda and other China-associated threat operations, indicating a broader geopolitical dimension to the attacks. As such, DinodasRAT represents not only a significant cybersecurity concern but also a potential instrument of state-level espionage.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Linux
Windows
Encryption
ESET
Phishing
Implant
Reconnaissance
Malware
Ubuntu Linux
Associated Malware
ID: Korplug
Type: Unspecified
Votes: 3
Profile Description: Korplug, also known as PlugX, is a type of malware developed and utilized by the China-aligned Advanced Persistent Threat (APT) group, Mustang Panda. This malicious software is designed to infiltrate computer systems without detection, often through suspicious downloads, emails, or websites. Once in
Associated Threat Actors
ID: Earth Krahang
Type: Unspecified
Votes: 3
Profile Description: Earth Krahang, an Advanced Persistent Threat (APT) group, has been identified as a significant threat actor in the cybersecurity landscape. This entity, possibly linked to Chinese state hacking contractor iSoon, has been responsible for breaching numerous government organizations worldwide. Trend Mi
Associated Vulnerabilities
No associations to display
Source Document References
Information about the DinodasRAT malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | 8 months ago | Operation Jacana: They’re taking the hobbits to Guyana
Securelist | 2 months ago | Analysis of DinodasRAT Linux implant
Securityaffairs | 2 months ago | DinodasRAT Linux variant targets users worldwide
BankInfoSecurity | 2 months ago | DinodasRAT Backdoor Targeting Linux Machines Worldwide
Checkpoint | 2 months ago | Malware Spotlight: Linodas aka DinodasRAT for Linux - Check Point Research
CERT-EU | 8 months ago | 'Operation Jacana' Reveals DinodasRAT Custom Backdoor
BankInfoSecurity | 8 months ago | China-Linked APT Uses New Backdoor for Espionage in Guyana
Securityaffairs | a month ago | Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
CERT-EU | 8 months ago | Guyana government subjected to suspected Chinese cyberespionage campaign
CERT-EU | 8 months ago | Guyana Governmental Entity Hit by DinodasRAT in Cyber Espionage Attack
Securityaffairs | 23 days ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 2 months ago | Security Affairs newsletter Round 466 by Pierluigi Paganini
ESET | 8 months ago | DinodasRAT used against governmental entity in Guayana – Week in security with Tony Anscombe
Securityaffairs | 2 days ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | a month ago | Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Checkpoint | 2 months ago | 1st April – Threat Intelligence Report - Check Point Research
Securityaffairs | 2 months ago | Security Affairs newsletter Round 465 by Pierluigi Paganini
CERT-EU | 8 months ago | New Red Cross hacktivism guidelines derided by threat actors
Securityaffairs | 2 months ago | Earth Krahang APT breached tens of government orgs worldwide
Checkpoint | 8 months ago | 9th October – Threat Intelligence Report - Check Point Research