Noodle RAT

Malware Profile Updated a month ago
Noodle RAT, also known as ANGRYREBEL or Nood RAT, is a new strain of malware that has been active since at least 2018. This malicious software, used by Chinese-speaking groups for espionage or cybercrime, was introduced in a Botconf 2024 presentation by Trend Micro Research. The Windows version of Noodle RAT has connections to Gh0st RAT, a malware strain developed by the C. Rufus Security Team in China, whose code leaked in 2008.

Noodle RAT is a relatively simple backdoor deployed in two versions: a Windows one called Win.NOODLERAT and a Linux one called Linux.NOODLERAT. In 2024, samples of Noodle RAT were found uploaded to VirusTotal, indicating its probable ongoing usage. A technical analysis by Trend Micro's threat intelligence team revealed the initialization process, communication with command and control (C2) servers, backdoor control methods, and features of the C2 server for both versions of Noodle RAT. Despite some similarities with Rekoobe or Tiny SHell, Linux.NOODLERAT's unique code led Trend Micro to classify it as a distinct malware family.

Since 2020, Noodle RAT has been utilized in espionage campaigns targeting countries such as Thailand, India, Japan, Malaysia, and Taiwan. An ELF backdoor reported in these campaigns was identified by Trend Micro's threat intelligence team as a new malware strain, which they named Noodle RAT. Given its continued detection and evolving capabilities, cybersecurity experts warn of its potential threat to both individual users and organizations.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names and profiles you may also want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| win.noodlerat | 2 | Win.NOODLERAT is a malware variant that functions as a backdoor into infected systems, allowing unauthorized access and control. It is part of the Noodle RAT family, which has two versions: one for Windows (Win.NOODLERAT) and another for Linux (Linux.NOODLERAT). This malicious software infiltrates s |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Rat
Malware
Linux
Windows
Cybercrime
Trojan
Encryption
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| gh0st RAT | Unspecified | 2 | Gh0st RAT is a notorious malware that was originally developed by the C. Rufus Security Team in China and has been widely used for cyber espionage since its code leaked in 2008. This malicious software can infiltrate systems through suspicious downloads, emails, or websites, often without the user's |
| Gh0stcringe | Unspecified | 1 | Gh0stCringe is a variant of Gh0st RAT, a notorious malware that has been used in numerous cyber attacks. This malicious software is designed to exploit and damage computers or devices by infiltrating the system through suspicious downloads, emails, or websites, often unbeknownst to the user. Once in |
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Noodle RAT Malware was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| Trend Micro | a month ago | Noodle RAT Reviewing the New Backdoor Used by Chinese-Speaking Groups |
| InfoSecurity-magazine | a month ago | Chinese Hackers Leveraging 'Noodle RAT' Backdoor |