win.loda

Loda

aka: LodaRAT, Nymeria

Loda is a previously undocumented AutoIT malware with a variety of capabilities for spying on victims. Proofpoint first observed Loda in September of 2016 and it has since grown in popularity. The name Loda is derived from a directory to which the malware author chose to write keylogger logs. It should be noted that some antivirus products currently detect Loda as “Trojan.Nymeria”, although the connection is not well-documented.

References
2023-03-14 | Cisco Talos | Asheer Malhotra, Vitor Ventura
Talos uncovers espionage campaigns targeting CIS countries, embassies and EU health care agency
@online{malhotra:20230314:talos:f709c24, author = {Asheer Malhotra and Vitor Ventura}, title = {{Talos uncovers espionage campaigns targeting CIS countries, embassies and EU health care agency}}, date = {2023-03-14}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/yorotrooper-espionage-campaign-cis-turkey-europe/}, language = {English}, urldate = {2023-03-20} }
Poet RAT, Loda
2023-01-17 | Qianxin | Red Raindrop Team
Kasablanka Group Probably Conducted Compaigns Targeting Russia
@online{team:20230117:kasablanka:d2d13e1, author = {Red Raindrop Team}, title = {{Kasablanka Group Probably Conducted Compaigns Targeting Russia}}, date = {2023-01-17}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/Kasablanka-Group-Probably-Conducted-Compaigns-Targeting-Russia/}, language = {English}, urldate = {2023-01-18} }
Ave Maria, Loda
2022-08-18 | Proofpoint | Joe Wise, Selena Larson, Proofpoint Threat Research Team
Reservations Requested: TA558 Targets Hospitality and Travel
@online{wise:20220818:reservations:c2f9faf, author = {Joe Wise and Selena Larson and Proofpoint Threat Research Team}, title = {{Reservations Requested: TA558 Targets Hospitality and Travel}}, date = {2022-08-18}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/reservations-requested-ta558-targets-hospitality-and-travel}, language = {English}, urldate = {2022-08-18} }
AsyncRAT, Loda, NjRAT, Ozone RAT, Revenge RAT, Vjw0rm
2022-08-17 | 360 | 360 Threat Intelligence Center
Kasablanka organizes attacks against political groups and non-profit organizations in the Middle East
@online{center:20220817:kasablanka:2a28570, author = {360 Threat Intelligence Center}, title = {{Kasablanka organizes attacks against political groups and non-profit organizations in the Middle East}}, date = {2022-08-17}, organization = {360}, url = {https://mp.weixin.qq.com/s/mstwBMkS0G3Et4GOji2mwA}, language = {Chinese}, urldate = {2022-08-19} }
SpyNote, Loda, Nanocore RAT, NjRAT
2021-02-15 | Silent Push | Martijn Grooten
More LodaRAT infrastructure targeting Bangladesh uncovered
@online{grooten:20210215:more:d06b030, author = {Martijn Grooten}, title = {{More LodaRAT infrastructure targeting Bangladesh uncovered}}, date = {2021-02-15}, organization = {Silent Push}, url = {https://www.silentpush.com/blog/more-lodarat-infrastructure-targeting-bangladesh-uncovered}, language = {English}, urldate = {2022-06-09} }
Loda
2021-02-09 | Talos | Warren Mercer, Chris Neal, Vitor Ventura
Kasablanka Group's LodaRAT improves espionage capabilities on Android and Windows
@online{mercer:20210209:kasablanka:63078fc, author = {Warren Mercer and Chris Neal and Vitor Ventura}, title = {{Kasablanka Group's LodaRAT improves espionage capabilities on Android and Windows}}, date = {2021-02-09}, organization = {Talos}, url = {https://blog.talosintelligence.com/2021/02/kasablanka-lodarat.html}, language = {English}, urldate = {2021-02-09} }
Loda
2020-09-29 | Cisco Talos | Chris Neal
LodaRAT Update: Alive and Well
@online{neal:20200929:lodarat:d1cf82f, author = {Chris Neal}, title = {{LodaRAT Update: Alive and Well}}, date = {2020-09-29}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/09/lodarat-update-alive-and-well.html}, language = {English}, urldate = {2020-10-04} }
Loda
2020-02-12 | Cisco Talos | Chris Neal
Loda RAT Grows Up
@online{neal:20200212:loda:3334939, author = {Chris Neal}, title = {{Loda RAT Grows Up}}, date = {2020-02-12}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/02/loda-rat-grows-up.html}, language = {English}, urldate = {2020-02-13} }
Loda
2018-01-23 | Zerophage
Maldoc (RTF) drops Loda Logger
@online{zerophage:20180123:maldoc:7574f7e, author = {Zerophage}, title = {{Maldoc (RTF) drops Loda Logger}}, date = {2018-01-23}, url = {https://zerophagemalware.com/2018/01/23/maldoc-rtf-drop-loda-logger/}, language = {English}, urldate = {2020-01-09} }
Loda
2017-05-10 | Proofpoint | Proofpoint Staff
Introducing Loda Malware
@online{staff:20170510:introducing:7355f5b, author = {Proofpoint Staff}, title = {{Introducing Loda Malware}}, date = {2017-05-10}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/introducing-loda-malware}, language = {English}, urldate = {2019-12-20} }
Loda

There is no Yara-Signature yet.