win.noodlerat

Malware updated 7 days ago (2024-11-29T14:21:00.115Z)
Download STIX
Preview STIX
Win.NOODLERAT is a malware variant that functions as a backdoor into infected systems, allowing unauthorized access and control. It is part of the Noodle RAT family, which has two versions: one for Windows (Win.NOODLERAT) and another for Linux (Linux.NOODLERAT). This malicious software infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or hold data hostage for ransom. Interestingly, Win.NOODLERAT shares similarities with another known malware, Gh0st RAT. They use the same plugins, and Win.NOODLERAT implements an encryption algorithm similar to those used by some variants of Gh0st RAT, such as Gh0stCringe, HiddenGh0st, and Gh0stTimes. However, upon further analysis, cybersecurity firm Trend Micro found that the rest of the code between Win.NOODLERAT and Gh0st RAT does not appear similar, leading them to conclude that while the plugins were reused, the backdoors themselves are fundamentally different. In a detailed blog post, Trend Micro's threat intelligence team provided a technical analysis of both Noodle RAT versions, including their initialization, communication with command and control (C2) servers, control mechanisms once installed, and descriptions of the C2 server features. This analysis offers valuable insights into these threats, enabling better understanding and development of countermeasures against these malware types.
Description last updated: 2024-06-12T15:16:19.851Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
gh0st RAT is a possible alias for win.noodlerat. Gh0st RAT is a malicious software (malware) that has been in use for over 15 years. It is an open-source remote access tool known for exploiting vulnerabilities in systems, most notably the PHP flaw which it targeted within 24 hours of disclosure. This malware was observed as part of Operation Diplo
2
Noodle RAT is a possible alias for win.noodlerat. Noodle RAT, also known as ANGRYREBEL or Nood RAT, is a new strain of malware that has been active since at least 2018. This malicious software, used by Chinese-speaking groups for espionage or cybercrime, was introduced in a Botconf 2024 presentation by Trend Micro Research. The Windows version of N
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Rat
Linux
Backdoor
Windows
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the win.noodlerat Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Trend Micro
6 months ago
InfoSecurity-magazine
6 months ago