hcdLoader

hcdLoader is a remote access tool (RAT) that has been used by APT18. [1]

ID: S0071
Aliases: hcdLoader
Type: MALWARE
Platforms: Windows

Version: 1.0

Techniques Used

DomainIDNameUse
EnterpriseT1059Command-Line InterfacehcdLoader provides command-line access to the compromised system.[1]
EnterpriseT1050New ServicehcdLoader installs itself as a service for persistence.[1][2]

Groups

Groups that use this software:

APT18

References