Noodle RAT

Malware updated a month ago (2024-11-29T14:21:09.908Z)
Download STIX
Preview STIX
Noodle RAT, also known as ANGRYREBEL or Nood RAT, is a new strain of malware that has been active since at least 2018. This malicious software, used by Chinese-speaking groups for espionage or cybercrime, was introduced in a Botconf 2024 presentation by Trend Micro Research. The Windows version of Noodle RAT has connections to Gh0st RAT, a malware strain developed by the C. Rufus Security Team in China, whose code leaked in 2008. Noodle RAT is a relatively simple backdoor deployed in two versions: a Windows one called Win.NOODLERAT and a Linux one called Linux.NOODLERAT. In 2024, samples of Noodle RAT were found uploaded on Virus Total, indicating its probable ongoing usage. A technical analysis by Trend Micro's threat intelligence team revealed the initialization process, communication with command and control (C2) servers, backdoor control methods, and features of the C2 server for both versions of Noodle RAT. Despite some similarities with Rekoobe or Tiny SHell, Linux.NOODLERAT's unique code led Trend Micro to classify it as a distinct malware family. Since 2020, Noodle RAT has been utilized in espionage campaigns targeting countries such as Thailand, India, Japan, Malaysia, and Taiwan. An ELF backdoor reported in these campaigns was identified by Trend Micro's threat intelligence team as a new malware strain, which they named Noodle RAT. Given its continued detection and evolving capabilities, cybersecurity experts warn of its potential threat to both individual users and organizations.
Description last updated: 2024-06-13T09:45:17.202Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
win.noodlerat is a possible alias for Noodle RAT. Win.NOODLERAT is a malware variant that functions as a backdoor into infected systems, allowing unauthorized access and control. It is part of the Noodle RAT family, which has two versions: one for Windows (Win.NOODLERAT) and another for Linux (Linux.NOODLERAT). This malicious software infiltrates s
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Rat
Backdoor
Malware
Linux
Cybercrime
Windows
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The gh0st RAT Malware is associated with Noodle RAT. Gh0st RAT is a malicious software (malware) that has been in use for over 15 years. It is an open-source remote access tool known for exploiting vulnerabilities in systems, most notably the PHP flaw which it targeted within 24 hours of disclosure. This malware was observed as part of Operation DiploUnspecified
2
Source Document References
Information about the Noodle RAT Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Trend Micro
6 months ago
InfoSecurity-magazine
6 months ago