Dinodasrat

Malware Profile Updated 6 days ago
DinodasRAT is a multi-platform backdoor malware written in C++ that has been identified as posing significant threats to users globally. Its Linux variant, in particular, has been singled out for its ability to target Red Hat-based distributions and Ubuntu Linux, making it a potent threat to a wide range of systems. This malicious software can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge, and once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom.

In early October 2023, cybersecurity firm ESET published an article about a campaign named Operation Jacana, which was primarily targeting Windows users. Shortly after this publication, a new Linux version of DinodasRAT, also known as XDealer, was discovered. This discovery marked a significant escalation in the malware's capabilities and potential impact, given the widespread use of Linux systems around the world.

The DinodasRAT Linux implant has since become a serious concern for entities worldwide. With its broad targeting of popular Linux distributions, it poses a significant risk to both individual users and organizations. Cybersecurity experts continue to monitor the situation closely and recommend that users maintain up-to-date security measures, including regular system updates and careful scrutiny of downloads, emails, and websites, to protect against this malicious software.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Bunnyloader | 1 | BunnyLoader is a new form of malware that has been recently identified in the cyber threat landscape. This malicious software, which is designed to exploit and damage computer systems, has been advertised as a Malware-as-a-Service (MaaS) on various cybercrime forums. It can infiltrate systems throug
gh0st RAT | 1 | Gh0st RAT is a notorious malware that was originally developed by the C. Rufus Security Team in China and has been widely used for cyber espionage since its code leaked in 2008. This malicious software can infiltrate systems through suspicious downloads, emails, or websites, often without the user's
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Windows
Linux
Reconnaissance
Implant
Encryption
Phishing
ESET
Ubuntu Linux
Malware
Trojan
Espionage
ISOON
Spearphishing
MaaS
China
Ubuntu
Associated Malware
ID | Type | Votes | Profile Description
Korplug | Unspecified | 3 | Korplug, also known as PlugX, is a type of malware developed and utilized by the China-aligned Advanced Persistent Threat (APT) group, Mustang Panda. This malicious software is designed to infiltrate computer systems without detection, often through suspicious downloads, emails, or websites. Once in
PlugX | Unspecified | 1 | PlugX is a notorious malware, typically associated with Chinese threat actors, that has been used in various cyberattacks. This malicious software infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. It
Associated Threat Actors
ID | Type | Votes | Profile Description
Earth Krahang | Unspecified | 3 | Earth Krahang is a threat actor, a term used in cybersecurity to describe an entity responsible for malicious activities. This could be an individual, a private company, or even a government organization. In the world of cybersecurity, unique names are often given to these actors to differentiate th
Mustang Panda | Unspecified | 1 | Mustang Panda, also known as Bronze President, Nomad Panda, Naikon, Earth Preta, and Stately Taurus, is a Chinese-aligned threat actor that has been associated with widespread attacks against various countries in the Asia-Pacific region. The group's malicious activities were first traced back to Mar
Associated Vulnerabilities
ID | Type | Votes | Profile Description
Korplug Plugx | Unspecified | 1 | None
Source Document References
Information about the Dinodasrat Malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
Securityaffairs | 6 days ago | Security Affairs Malware Newsletter - Round 3
Securityaffairs | 6 days ago | Security Affairs Malware Newsletter - Round 3
Securityaffairs | 12 days ago | Security Affairs Malware Newsletter - Round 2
Securityaffairs | 20 days ago | Security Affairs Malware Newsletter - Round 1
Securityaffairs | a month ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | a month ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | a month ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securelist | 2 months ago | Malware report Q1 2024 – quarter review
Securityaffairs | 2 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
CERT-EU | 10 months ago | 'Operation Jacana' Reveals DinodasRAT Custom Backdoor
CERT-EU | 10 months ago | Guyana government subjected to suspected Chinese cyberespionage campaign
Securityaffairs | 4 months ago | Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs | 4 months ago | Security Affairs newsletter Round 465 by Pierluigi Paganini
Checkpoint | 4 months ago | 1st April – Threat Intelligence Report - Check Point Research
Checkpoint | 4 months ago | Malware Spotlight: Linodas aka DinodasRAT for Linux - Check Point Research
Securityaffairs | 4 months ago | Earth Krahang APT breached tens of government orgs worldwide
BankInfoSecurity | 10 months ago | China-Linked APT Uses New Backdoor for Espionage in Guyana
Checkpoint | 10 months ago | 9th October – Threat Intelligence Report - Check Point Research
ESET | 10 months ago | DinodasRAT used against governmental entity in Guayana – Week in security with Tony Anscombe