Noodle RAT

Malware updated 3 months ago (2024-08-14T18:17:39.387Z)

Download STIX

Preview STIX

Noodle RAT, also known as ANGRYREBEL or Nood RAT, is a new strain of malware that has been active since at least 2018. This malicious software, used by Chinese-speaking groups for espionage or cybercrime, was introduced in a Botconf 2024 presentation by Trend Micro Research. The Windows version of Noodle RAT has connections to Gh0st RAT, a malware strain developed by the C. Rufus Security Team in China, whose code leaked in 2008. Noodle RAT is a relatively simple backdoor deployed in two versions: a Windows one called Win.NOODLERAT and a Linux one called Linux.NOODLERAT. In 2024, samples of Noodle RAT were found uploaded on Virus Total, indicating its probable ongoing usage. A technical analysis by Trend Micro's threat intelligence team revealed the initialization process, communication with command and control (C2) servers, backdoor control methods, and features of the C2 server for both versions of Noodle RAT. Despite some similarities with Rekoobe or Tiny SHell, Linux.NOODLERAT's unique code led Trend Micro to classify it as a distinct malware family. Since 2020, Noodle RAT has been utilized in espionage campaigns targeting countries such as Thailand, India, Japan, Malaysia, and Taiwan. An ELF backdoor reported in these campaigns was identified by Trend Micro's threat intelligence team as a new malware strain, which they named Noodle RAT. Given its continued detection and evolving capabilities, cybersecurity experts warn of its potential threat to both individual users and organizations.

Description last updated: 2024-06-13T09:45:17.202Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
win.noodlerat is a possible alias for Noodle RAT. Win.NOODLERAT is a malware variant that functions as a backdoor into infected systems, allowing unauthorized access and control. It is part of the Noodle RAT family, which has two versions: one for Windows (Win.NOODLERAT) and another for Linux (Linux.NOODLERAT). This malicious software infiltrates s	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Rat

Backdoor

Malware

Linux

Cybercrime

Windows

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The gh0st RAT Malware is associated with Noodle RAT. Gh0st RAT is a malicious software (malware) that has been in use for over 15 years. It is an open-source remote access tool known for exploiting vulnerabilities in systems, most notably the PHP flaw which it targeted within 24 hours of disclosure. This malware was observed as part of Operation Diplo	Unspecified	2

Source Document References

Information about the Noodle RAT Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Preview	Source Link	CreatedAt	Title
	Trend Micro	5 months ago	Noodle RAT Reviewing the New Backdoor Used by Chinese-Speaking Groups
	InfoSecurity-magazine	5 months ago	Chinese Hackers Leveraging 'Noodle RAT' Backdoor