win.noodlerat

Malware updated 5 months ago (2024-06-12T15:17:33.091Z)
Win.NOODLERAT is a malware variant that functions as a backdoor into infected systems, allowing unauthorized access and control. It is part of the Noodle RAT family, which has two versions: one for Windows (Win.NOODLERAT) and another for Linux (Linux.NOODLERAT). This malicious software infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or hold data hostage for ransom.

Interestingly, Win.NOODLERAT shares similarities with another known malware, Gh0st RAT. They use the same plugins, and Win.NOODLERAT implements an encryption algorithm similar to those used by some variants of Gh0st RAT, such as Gh0stCringe, HiddenGh0st, and Gh0stTimes. However, upon further analysis, cybersecurity firm Trend Micro found that the rest of the code between Win.NOODLERAT and Gh0st RAT does not appear similar, leading them to conclude that while the plugins were reused, the backdoors themselves are fundamentally different.

In a detailed blog post, Trend Micro's threat intelligence team provided a technical analysis of both Noodle RAT versions, including their initialization, communication with command and control (C2) servers, control mechanisms once installed, and descriptions of the C2 server features. This analysis offers valuable insights into these threats, enabling better understanding and development of countermeasures against these malware types.
Description last updated: 2024-06-12T15:16:19.851Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias description and votes:

gh0st RAT is a possible alias for win.noodlerat. Gh0st RAT is a malicious software (malware) that has been in use for over 15 years. It is an open-source remote access tool known for exploiting vulnerabilities in systems, most notably the PHP flaw which it targeted within 24 hours of disclosure. This malware was observed as part of Operation Diplo
Votes: 2

Noodle RAT is a possible alias for win.noodlerat. Noodle RAT, also known as ANGRYREBEL or Nood RAT, is a new strain of malware that has been active since at least 2018. This malicious software, used by Chinese-speaking groups for espionage or cybercrime, was introduced in a Botconf 2024 presentation by Trend Micro Research. The Windows version of N
Votes: 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Rat
Linux
Backdoor
Windows
Source Document References
Information about the win.noodlerat Malware was read from the documents corpus below.
Source, created at:

Trend Micro, 5 months ago
InfoSecurity-magazine, 5 months ago