Noabot

Malware updated 4 months ago (2024-05-04T20:30:40.468Z)
NoaBot is a sophisticated malware variant that primarily targets Linux systems, utilizing a cryptominer to exploit system resources. It is based on the Mirai botnet, a notorious malware strain known for its ability to compromise Internet of Things (IoT) devices. NoaBot has most of the capabilities of the original Mirai botnet, including a scanner module and an attacker module, and the ability to conceal its process name.

A key difference lies in the method of spreading: NoaBot uses SSH-based spreaders as opposed to the Telnet-based spreaders used by Mirai. This shift enhances NoaBot's effectiveness. It also employs a different credential dictionary for its SSH scanner and introduces post-breach capabilities such as installing a new SSH authorized key as a backdoor.

The infiltration of NoaBot predominantly occurs through two main channels: HTTP/S transfers and email attachments. SafeBreach reports #9462 and #9461 document the transfer of the NoaBot miner over HTTP/S, indicating both initial infiltration and lateral movement within networks. Additionally, reports #9464 and #9463 detail how NoaBot can be sent as a compressed attachment via email, serving as another infiltration method and a means for lateral movement across systems.

NoaBot's advanced capabilities and versatile attack vectors pose a significant threat to Linux systems. Its ability to download and execute additional binaries or propagate itself to new victims amplifies its potential damage. Organizations are advised to maintain robust security measures, including up-to-date antivirus software, regular system patching, and employee training to recognize suspicious downloads, emails, or websites.
Description last updated: 2024-05-04T17:03:18.263Z
Aliases: We are not currently tracking any aliases.
Source Document References
Information about the Noabot Malware was read from the documents corpus below.
| Source | Created | Title |
| --- | --- | --- |
| CERT-EU | 6 months ago | Magnet Goblin Hackers Using Ivanti Flaws to Deploy Linux Malware |
| CERT-EU | 6 months ago | New Linux Malware Alert: 'Spinning YARN' Hits Docker, other Key Apps |
| CERT-EU | 6 months ago | New Bifrost RAT Variant Targets Linux Devices, Mimics VMware Domain |
| CERT-EU | 6 months ago | ALPHV Blackcat, GCP-Native Attacks, Bandook RAT, NoaBot Miner, Ivanti Secure Vulnerabilities, and More: Hacker’s Playbook Threat Coverage Round-up: February 2024 |
| CERT-EU | 8 months ago | Les vulnérabilités critiques à suivre (15 janvier 2024) • Cybersécurité OSINT |
| CERT-EU | 8 months ago | Cyber Security Week In Review: January 12, 2024 |
| CERT-EU | 8 months ago | NoaBot Pwns Hundreds of SSH Servers as Crypto Miners |
| CERT-EU | 8 months ago | Novel Mirai-based botnet targets Linux devices with cryptominer |
| CERT-EU | 8 months ago | Mirai-Based NoaBot Launches a DDoS Attack on Linux Devices |
| CERT-EU | 8 months ago | Forescout Report Uncovers New Details in Danish Energy Hack |
| CERT-EU | 8 months ago | Mirai-based NoaBot Botnet Targeting Linux Systems with Cryptominer |
| CERT-EU | 8 months ago | ‘Yet another Mirai-based botnet’ is spreading an illicit cryptominer |
| CERT-EU | 8 months ago | NoaBot: Latest Mirai-Based Botnet Targeting SSH Servers for Crypto Mining |
| CERT-EU | 8 months ago | Linux Devices Are Under Attack By a Never-Before-Seen Worm - Slashdot |