Malware
L0rdix
aka lordix
L0rdix is a multipurpose .NET remote access tool (RAT) first discovered being sold on underground forums in November 2018.
Out of the box, L0rdix supports eight commands, although custom commands can be defined and added. The eight built-in commands are:
- Download and execute
- Update
- Open page (visible)
- Open page (invisible)
- Cmd
- Kill process
- Upload file
- HTTP Flood
L0rdix can extract credentials from common web browsers and steal data from crypto wallets and a target's clipboard. Optionally, L0rdix can deploy a cryptominer (XMRig) to its bots.
Family metadata imported from Malpedia (Fraunhofer FKIE).