win.loda (Back to overview)


aka: LodaRAT, Nymeria

Loda is a previously undocumented AutoIT malware with a variety of capabilities for spying on victims. Proofpoint first observed Loda in September of 2016 and it has since grown in popularity. The name Loda is derived from a directory to which the malware author chose to write keylogger logs. It should be noted that some antivirus products currently detect Loda as “Trojan.Nymeria”, although the connection is not well-documented.

2023-10-25Cisco TalosAsheer Malhotra, Vitor Ventura
Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan
Ave Maria Loda YoroTrooper
2023-03-14Cisco TalosAsheer Malhotra, Vitor Ventura
Talos uncovers espionage campaigns targeting CIS countries, embassies and EU health care agency
Poet RAT Loda Kasablanka YoroTrooper
2023-01-17QianxinRed Raindrop Team
Kasablanka Group Probably Conducted Compaigns Targeting Russia
Ave Maria Loda
2022-11-17Cisco TalosChris Neal
Get a Loda This: LodaRAT meets new friends
Loda Kasablanka
2022-08-18ProofpointJoe Wise, Proofpoint Threat Research Team, Selena Larson
Reservations Requested: TA558 Targets Hospitality and Travel
AsyncRAT Loda NjRAT Ozone RAT Revenge RAT Vjw0rm
2022-08-17360360 Threat Intelligence Center
Kasablanka organizes attacks against political groups and non-profit organizations in the Middle East
SpyNote Loda Nanocore RAT NjRAT
2021-02-15Silent PushMartijn Grooten
More LodaRAT infrastructure targeting Bangladesh uncovered
2021-02-09TalosChris Neal, Vitor Ventura, Warren Mercer
Kasablanka Group's LodaRAT improves espionage capabilities on Android and Windows
2020-09-29Cisco TalosChris Neal
LodaRAT Update: Alive and Well
2020-02-12Cisco TalosChris Neal
Loda RAT Grows Up
Maldoc (RTF) drops Loda Logger
2017-05-10ProofpointProofpoint Staff
Introducing Loda Malware

There is no Yara-Signature yet.