ioc[.]one - OSINT Cyber Threat Intelligence Database

Loda RAT Grows Up

Tags

country:	Argentina Brazil Costa Rica United States Of America
maec-delivery-vectors:	Watering Hole
attack-pattern:	Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Exploits - T1587.004 Exploits - T1588.005 Ip Addresses - T1590.005 Keylogging - T1056.001 Keylogging - T1417.001 Malware - T1587.001 Malware - T1588.001 Msiexec - T1218.007 Network Security Appliances - T1590.006 Phishing - T1660 Phishing - T1566 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Scheduled Task - T1053

Show in Graph

Common Information

Type	Value
UUID	eaefae27-26e4-462a-a373-97ec90447929
Fingerprint	b2b10db59db607cb
Analysis status	DONE
Considered CTI value	2
Text language
Published	Feb. 12, 2020, 2:45 p.m.
Added to db	Sept. 26, 2022, 9:31 a.m.
Last updated	Nov. 17, 2024, 10:40 p.m.
Headline	Vulnerability Information
Title	Loda RAT Grows Up
Detected Hints/Tags/Attributes	65/3/45

Source URLs

	Redirection	Url
Details	Source	https://blog.talosintelligence.com/2020/02/loda-rat-grows-up.html

URL Provider

Details	Provider	Source level domain
Details	talosintelligence.com	blog.talosintelligence.com

Attributes

Details	Type	#Events	Value
Details	CVE	375	cve-2017-11882
Details	Domain	1	4success.zapto.org
Details	Domain	1	success20.hopto.org
Details	Domain	1	lcodigo.com
Details	Domain	2	live.mp3quran.net
Details	Domain	904	snort.org
Details	Domain	1	drinkfoodapp.com
Details	Domain	1	yewonder.com
Details	Domain	1	www.miracleworkstudios.com
Details	Domain	1	wp.168gamer.com
Details	Domain	1	breakthrough.hopto.org
Details	File	1	pago.docx
Details	File	2	documento.doc
Details	File	2126	cmd.exe
Details	File	269	msiexec.exe
Details	File	1	fkrkdn.msi
Details	File	1	jlmwff.exe
Details	File	34	recentservers.xml
Details	File	2	live.mp3
Details	File	1	kctlqz.msi
Details	File	1	settings.doc
Details	File	1	grcfne.msi
Details	File	1	eklnxx.msi
Details	File	1	updates.doc
Details	File	1	mcsonb.msi
Details	File	5	office.doc
Details	sha256	1	b5df816986a73e890f41ff0c0470a2208df523f17eb4eac9c5f0546da2ec161e
Details	sha256	1	af42191fe2ea328080939ec656302a8f364dac44b5cd8277dcbaeb15ff499178
Details	sha256	1	36865059f1c142ba1846591aae8d78d8a109a0dc327a88547e41e3663bad2eaf
Details	sha256	1	e15336491ab57a16a870edd5b135014b62387cb45e4e490b9d4091c54394dec4
Details	sha256	1	9edd2bfdb0c177f046cec1392d31ee3f67174e0a23fdf7e4b6fd580e769f0493
Details	sha256	1	8b989db4a9f8c3f0fa825cca35386ac4be4e33fd2ea53a118d4f4dd8259aeccc
Details	sha256	1	633f3970c31c9cb849bd5f66c3a783538bb2327b4bec5774b870f8b3b53ea3c1
Details	sha256	1	c65668958c5dfeccb40abd0771c17d045f24c78f51ea6c3955e110f53ad8eece
Details	sha256	1	740a5c19645d5a90fc1e11c84f5d6a058dc50206337aa37bbc783bd54ba84a79
Details	sha256	1	6cb47f2ecd58349ffe65d7ea281eea2ebd231bbaac30843f872ae2249bd140b0
Details	Url	1	http://lcodigo.com/apiw/config/uploads/tmp/documento.doc
Details	Url	1	http://lcodigo.com/apiw/config/uploads/tmp/fkrkdn.msi
Details	Url	1	http://lcodigo.com/apiw/config/uploads/tmp/kctlqz.msi
Details	Url	1	http://drinkfoodapp.com/admindf/assets/img/app/settings.doc
Details	Url	1	http://drinkfoodapp.com/admindf/assets/img/app/grcfne.msi
Details	Url	1	http://yewonder.com/wp-content/plugins/ltfhmam/eklnxx.msi
Details	Url	1	https://www.miracleworkstudios.com/wp-content/uploads/2019/12/app/updates.doc
Details	Url	1	http://wp.168gamer.com/secured/mcsonb.msi
Details	Url	1	http://wp.168gamer.com/secured/office.doc