Loda
AlienVault
· Published 20/12/2025 19:35 · Modified 20/12/2025 21:56
Essential information
- Confidence
- 100/100
- Is family
- No
- Published
- 20/12/2025 19:35
- Modified
- 20/12/2025 21:56
- Revoked
- No
- Author / Source
- AlienVault
- Related entities
- 11 attack patterns (mitre), 2 intrusion sets (apt), 6 sectors, 3 countries, 50 indicators, 2 vulnerabilities (cve)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (11)
-
T1056 usesInput Capture MITRE
-
T1566 usesPhishing MITRE
-
T1059.001 usesPowerShell MITRE
-
T1041 usesExfiltration Over C2 Channel MITRE
-
T1053.005 usesScheduled Task MITRE
-
T1056.001 usesKeylogging MITRE
-
T1059 usesCommand and Scripting Interpreter MITRE
-
T1195.002 usesCompromise Software Supply Chain MITRE
-
T1105 usesIngress Tool Transfer MITRE
-
T1036 usesMasquerading MITRE
-
T1547 usesBoot or Logon Autostart Execution MITRE
Intrusion sets (APT) (2)
-
Kasablanka usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TA558 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Sectors (6)
-
Hospitality targets
-
Hotel targets
-
Culture targets
-
Diplomacy targets
-
Transportation targets
-
Manufacturing targets
Countries (3)
-
United States of America targets
-
Bangladesh targets
-
Russian Federation targets
Indicators (50)
-
http://45.61.137.32/svvhost.rarindicatesstix 100/100 Revoked· Valid until 06/03/2023 · Source: AlienVault -
stix 100/100 Revoked· Valid until 21/11/2023 · Source: AlienVault
-
http://45.61.137.32/www.exeindicatesstix 100/100 Revoked· Valid until 06/03/2023 · Source: AlienVault -
stix 100/100 Revoked· Valid until 28/01/2024 · Source: AlienVault
-
stix 100/100 Revoked
Win32:CoinminerX-gen\ [Trj]
· Valid until 28/01/2024 · Source: AlienVault -
microsofft.sslblindado.comindicatesstix 100/100 Revoked· Valid until 01/12/2023 · Source: AlienVault -
stix 100/100 Revoked· Valid until 21/11/2023 · Source: AlienVault
Vulnerabilities (CVE) (2)
7.8
High
A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory.
- Attack vector
- LOCAL
- Complexity
- LOW
- Published
- 11/07/2017
- Modified
- 22/04/2026
7.8
High
Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.
- Attack vector
- Local
- Complexity
- Low
- Published
- 15/11/2017
- Modified
- 29/05/2026