Noabot

Malware Profile Updated 2 months ago
NoaBot is a sophisticated malware variant that primarily targets Linux systems, utilizing a cryptominer to exploit system resources. It is based on the Mirai botnet, a notorious malware strain known for its ability to compromise Internet of Things (IoT) devices. NoaBot has most of the capabilities of the original Mirai botnet, including a scanner module and an attacker module, and the ability to conceal its process name. However, a key difference lies in the method of spreading: NoaBot uses SSH-based spreaders as opposed to the Telnet-based spreaders used by Mirai. This shift enhances NoaBot's effectiveness, as it also employs a different credential dictionary for its SSH scanner, introducing post-breach capabilities such as installing a new SSH-authorized key as a backdoor.

The infiltration of NoaBot predominantly occurs through two main channels: HTTP/S transfers and email attachments. The SafeBreach reports #9462 and #9461 document the transfer of the NoaBot miner over HTTP/S, indicating both initial infiltration and lateral movement within networks. Additionally, reports #9464 and #9463 detail how NoaBot can be sent as a compressed attachment via email, serving as another infiltration method and a means for lateral movement across systems.

NoaBot's advanced capabilities and versatile attack vectors pose a significant threat to Linux systems. Its ability to download and execute additional binaries or propagate itself to new victims amplifies its potential damage. Organizations are advised to maintain robust security measures, including up-to-date antivirus software, regular system patching, and employee training to recognize suspicious downloads, emails, or websites.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Mirai | 1 | Mirai is a type of malware that primarily targets Internet of Things (IoT) devices to form botnets, which are networks of private computers infected with malicious software and controlled as a group without the owners' knowledge. In early 2022, Mirai botnets accounted for over 7 million detections g
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Linux
Worm
Trojan
Botnet
Backdoor
Antivirus
Malware
Cryptominer
SSH
Akamai
Ddos
Gbhackers
Infiltration
Lateral_move...
Associated Malware
ID | Type | Votes | Profile Description
Mirai Botnet | Unspecified | 1 | The Mirai botnet is a type of malware that exploits vulnerabilities in systems to create a network of infected devices, often without the user's knowledge. This botnet was first discovered in 2016 and has since been associated with several large-scale Distributed Denial of Service (DDoS) attacks. Th
P2pinfect | Unspecified | 1 | P2Pinfect is a sophisticated and evolving malware that has been causing significant security concerns. Initially, it was designed to target routers and Internet of Things (IoT) devices, exploiting their vulnerabilities to infiltrate networks and spread its malicious activities. However, recent devel
Xmrig | Unspecified | 1 | XMRig is a type of malware that is particularly harmful to computer systems and devices. It infiltrates the system through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold your data hostage for
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Noabot Malware was read from the documents corpus below.
Source | Created At | Title
CERT-EU | 4 months ago | Magnet Goblin Hackers Using Ivanti Flaws to Deploy Linux Malware
CERT-EU | 4 months ago | New Linux Malware Alert: 'Spinning YARN' Hits Docker, other Key Apps
CERT-EU | 4 months ago | New Bifrost RAT Variant Targets Linux Devices, Mimics VMware Domain
CERT-EU | 4 months ago | ALPHV Blackcat, GCP-Native Attacks, Bandook RAT, NoaBot Miner, Ivanti Secure Vulnerabilities, and More: Hacker’s Playbook Threat Coverage Round-up: February 2024
CERT-EU | 6 months ago | Les vulnérabilités critiques à suivre (15 janvier 2024) • Cybersécurité OSINT
CERT-EU | 6 months ago | Cyber Security Week In Review: January 12, 2024
CERT-EU | 6 months ago | NoaBot Pwns Hundreds of SSH Servers as Crypto Miners
CERT-EU | 6 months ago | Novel Mirai-based botnet targets Linux devices with cryptominer
CERT-EU | 6 months ago | Mirai-Based NoaBot Launches a DDoS Attack on Linux Devices
CERT-EU | 6 months ago | Forescout Report Uncovers New Details in Danish Energy Hack
CERT-EU | 6 months ago | Mirai-based NoaBot Botnet Targeting Linux Systems with Cryptominer
CERT-EU | 6 months ago | ‘Yet another Mirai-based botnet’ is spreading an illicit cryptominer
CERT-EU | 6 months ago | NoaBot: Latest Mirai-Based Botnet Targeting SSH Servers for Crypto Mining
CERT-EU | 6 months ago | Linux Devices Are Under Attack By a Never-Before-Seen Worm - Slashdot