Since its first blog post in February 2020 on the remote access tool (RAT) known as LodaRAT (or Loda), Cisco Talos has monitored its activity and covered its findings in subsequent blog posts.
As a continuation of this series, this blog post details new variants and new behavior Cisco Talos researchers have observed while monitoring LodaRAT over the course of 2022. In this post, they take an in-depth look at some of the changes in these variants. As detailed below, some changes are rather small; however, some variants have made significant alterations, including both removing code and implementing additional functionality.
In addition to these findings, Cisco Talos researchers have discovered that Loda appears to have garnered attention from various threat actors. In a handful of instances, Loda was deployed alongside, or dropped by, other malware. These include RedLine, Neshta and a previously undocumented VenomRAT variant named S500.
Read more…
Source: Cisco Talos