# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: loda, lodalogger, lodarat

# Reference: https://twitter.com/James_inthe_box/status/1047193599660576768

torrentfreak.duckdns.org

# Reference: https://twitter.com/DynamicAnalysis/status/1166433211548913668

79.134.225.71:7070
plunder.nsupdate.info

# Reference: https://twitter.com/425a_/status/1166792682812952576
# Reference: https://app.any.run/tasks/9654615e-a7d4-4f08-b29a-3a05d7012646/

172.111.184.248:5000
faith.dns-cloud.net

# Reference: https://app.any.run/tasks/919aede4-0cb3-42c6-a2df-cda9221cf38b/

monlait-57586.portmap.host
193.161.193.99:37659

# Reference: https://app.any.run/tasks/a0ac054a-1776-4121-978a-c5e5dfcd9bc0/

adomazmc.duckdns.org

# Reference: https://app.any.run/tasks/c4f94b73-2d0d-40e1-9c1b-d0c34b0c37d7/

battying.duckdns.org
88.150.227.112:11361

# Reference: https://app.any.run/tasks/376bbb21-01c0-4ebf-8441-2acd7bdcce80/

79.142.76.244:11361

# Reference: https://twitter.com/killamjr/status/1192967390910394368
# Reference: https://zerophagemalware.com/2018/01/23/maldoc-rtf-drop-loda-logger/
# Reference: https://app.any.run/tasks/279e3b22-239a-470a-b3aa-63e3cefd8e75/

193.161.193.99:37659
monlait-57586.portmap.host

# Reference: https://www.virustotal.com/gui/file/a402b91d84f226b0cbbe9c5f4fd8e079ace27a8dc66047d6e10685462e2b26bf/detection

142.44.161.51:7070

# Reference: https://twitter.com/killamjr/status/1221484462342459392
# Reference: https://app.any.run/tasks/5bb47889-64a6-40bf-a77d-0ba2b2578942/

79.142.76.244:64735
breakthrough.hopto.org

# Reference: https://blog.talosintelligence.com/2020/02/loda-rat-grows-up.html
# Reference: https://otx.alienvault.com/pulse/5e4460cce66c474d5bb319a1

4success.zapto.org
breakthrough.hopto.org
success20.hopto.org

# Reference: https://www.virustotal.com/gui/file/e17570bb819f551412fec0cd61acc3b9d832f8990894c392c44ff00f9958d801/detection

79.142.76.244:53916

# Reference: https://www.virustotal.com/gui/file/e80013a61796dac4c6d90283a2b956e005605d188d5127ff57552bfad64ecac7/detection

79.142.76.244:2089

# Reference: https://www.virustotal.com/gui/file/861f52459f96e434a6e5f9a96153e781f31cfa60d9979b7fa94ee42892a674e7/detection

79.142.76.244:4676

# Reference: https://www.virustotal.com/gui/file/fbdc8ef710f6210128d96f4a1b195c11ae0c30e526d552d792824239460e23d7/detection

88.150.227.112:4676

# Reference: https://blog.talosintelligence.com/2020/09/lodarat-update-alive-and-well.html
# Reference: https://www.virustotal.com/gui/file/0d181658d2a7f2502f1bc7b5a93b508af7099e054d8e8f57b139ad2702f3dc2d/detection
# Reference: https://www.virustotal.com/gui/file/05d2fa5bb97f37edaaff99f58ffedbd438e928fb3881ede921a19b07fb884b0b/detection
# Reference: https://www.virustotal.com/gui/file/866397c8db26190c5a346bd863d9beb81e53d96011af9a3be6eeb713bbb57287/detection
# Reference: https://www.virustotal.com/gui/file/2d317bcccea4739b2deefcc3b14cf5eafe147162f62c5ff1288db3635b5c3f10/detection

172.111.203.72:4000
174.126.51.178:1543
46.243.136.238:4000
roodan888tools.atwebpages.com

# Reference: https://www.virustotal.com/gui/file/1d2f52ed77b7e4cf1e9cbdb849b17fe0e8c6c75e4584a473368a0affc6cdfc42/detection

107.175.145.170:1336

# Reference: https://www.virustotal.com/gui/file/32398f9c7ae23b1efbaf973b7ee2c02bc8e1e39136ed2b84d66b5bb1c21d20c2/detection

194.187.251.163:9735
setupbases.awsmppl.com

# Reference: https://www.virustotal.com/gui/file/5452c3094aa6f0c9502bdd114a577b6fd5ce65c9b9fe40f24b0aa7c2d121d1cf/detection

82.246.130.70:1605
lazytoxic.ddns.net

# Reference: https://twitter.com/Racco42/status/1334846921568088064
# Reference: https://app.any.run/tasks/c7fc7a6b-0d28-4994-a44c-0e07ebaf7d98/

178.162.204.238:50253
tmlo.awsmppl.com

# Reference: https://twitter.com/bl4ckh0l3z/status/1344624887713947648
# Reference: https://www.virustotal.com/gui/file/fb16f8f7d8b7432fbf799a645bee85f621fe8aae4f6b2bbdbcb981e420516476/detection

193.161.193.99:48855
hackerisback-48855.portmap.host