{"id":19775,"date":"2018-11-21T14:19:46","date_gmt":"2018-11-21T14:19:46","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/29534\/L0rdix-Becomes-The-New-Swiss-Army-Knife-Of-Windows-Hacking.html"},"modified":"2018-11-21T14:19:46","modified_gmt":"2018-11-21T14:19:46","slug":"l0rdix-becomes-the-new-swiss-army-knife-of-windows-hacking","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/l0rdix-becomes-the-new-swiss-army-knife-of-windows-hacking\/","title":{"rendered":"L0rdix Becomes The New Swiss Army Knife Of Windows Hacking"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/zdnet4.cbsistatic.com\/hub\/i\/r\/2018\/11\/21\/914fe1b6-673d-41f6-93c1-d7de94f361f5\/thumbnail\/770x578\/7b149c7ec9c63a7896726dd3e2a4ead8\/screenshot-2018-11-21-at-10-32-11.png\" class=\"ff-og-image-inserted\"\/><\/div>\n<p>A new hacking tool making the rounds in underground forums has been deemed the latest &#8220;go-to&#8221; universal offering for attackers targeting Microsoft Windows PCs.<\/p>\n<p>The software is called L0rdix and according to cybersecurity researchers from enSilo is &#8220;aimed at infecting Windows-based machines, combines stealing and cryptocurrency mining methods, [and] can avoid malware analysis tools.&#8221;<\/p>\n<p><a href=\"https:\/\/blog.ensilo.com\/l0rdix-attack-tool\" target=\"_blank\" rel=\"noopener noreferrer\">In a blog post<\/a> on Tuesday, enSilo researcher Ben Hunter said the tool is relatively new and is available for purchase. There are, however, indicators that L0rdix is still undergoing development despite an array of different functions already implemented within the malware.<\/p>\n<p>Written in .NET, L0rdix has been developed with stealth in mind. 
The malware is obfuscated using the standard ConfuserEx obfuscator, and some samples have been tweaked with the more sophisticated .NETGuard obfuscator.<\/p>\n<p>The developers of L0rdix have made an effort when it comes to virtual environments and sandboxes, which are commonly used by researchers for the purposes of reverse engineering and malware analysis.<\/p>\n<p>L0rdix not only performs a number of standard scans to detect these environments but also uses WMI queries and registry keys to search for strings which may indicate sandbox products.<\/p>\n<p>&#8220;The less common checks made by L0rdix include searching processes that load sbiedll.dll which belongs to the sandboxie product, aspiring to increase its chances to avoid running in a simple free virtual environment tool,&#8221; Hunter added.<\/p>\n<p>The malware has been constructed with sales in mind, containing five core modules with configuration auto-update capabilities and a structure which allows future modules to be easily integrated within L0rdix.<\/p>\n<p>Once a machine is infected, the malware pulls information including OS version, device ID, CPU model, installed antivirus products and current user privileges. 
This information is encrypted and sent to the command-and-control (C2) server, alongside a screenshot of the machine.<\/p>\n<p>The malware&#8217;s files and configuration settings are then updated based on this information, and it is at this point where L0rdix &#8216;decides&#8217; whether or not cryptocurrency mining and data theft are appropriate.<\/p>\n<p>L0rdix will then infect all removable drives, mapping itself to their icons and hiding the legitimate drive files and directories.<\/p>\n<p>&#8220;All of this is done to make sure that the malware will execute by the user double-clicking it on another machine,&#8221; the researcher says.<\/p>\n<p>Another function is responsible for maintaining persistence. The malware will copy itself to a number of traditional areas, such as scheduled tasks &#8212; but this is an area which is ripe for improvement in the future.<\/p>\n<p>L0rdix is also able to act as a botnet by enslaving the infected PC, with optional commands including opening specific URLs in a browser &#8212; which potentially could be used for domain flooding in Distributed Denial-of-Service (DDoS) attacks &#8212; killing specific processes, uploading and executing additional payloads, and executing cmd commands.<\/p>\n<p>In addition, the malware is able to monitor Windows clipboards for signs of cryptocurrency wallets and strings. 
If found, this content is sent to the C2, and L0rdix will also aim to collect browser cookies and credentials.<\/p>\n<p>When it comes to fraudulent cryptocurrency mining, some samples contain miner code &#8212; but enSilo believes this was developed in one of the later stages of coding as in some samples, this functionality is absent.<\/p>\n<p>&#8220;While it&#8217;s very easy to notice that most of the effort was put into evading virtual environments and analysis tools along with implementing the stealing module, L0rdix still presents unfinished modules and weak implementation details such as simple encryption or simple data handling between the server and the client,&#8221; Hunter says. 
&#8220;Those indicators might suggest that the tool is still under development.&#8221;<\/p>\n<p>enSilo expected to see more sophisticated versions of the multipurpose tool in the future as L0rdix undergoes further development to stay attractive to underground buyers.<\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/29534\/L0rdix-Becomes-The-New-Swiss-Army-Knife-Of-Windows-Hacking.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":19776,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[4764],"class_list":["post-19775","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinehackermalwaremicrosoftbackdoor"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>L0rdix Becomes The New Swiss Army Knife Of Windows Hacking 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/l0rdix-becomes-the-new-swiss-army-knife-of-windows-hacking\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"L0rdix Becomes The New Swiss Army Knife Of Windows Hacking 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/l0rdix-becomes-the-new-swiss-army-knife-of-windows-hacking\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-11-21T14:19:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/11\/l0rdix-becomes-the-new-swiss-army-knife-of-windows-hacking.png\" \/>\n\t<meta property=\"og:image:width\" content=\"770\" \/>\n\t<meta property=\"og:image:height\" content=\"578\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/l0rdix-becomes-the-new-swiss-army-knife-of-windows-hacking\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/l0rdix-becomes-the-new-swiss-army-knife-of-windows-hacking\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"L0rdix Becomes The New Swiss Army Knife Of Windows Hacking\",\"datePublished\":\"2018-11-21T14:19:46+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/l0rdix-becomes-the-new-swiss-army-knife-of-windows-hacking\\\/\"},\"wordCount\":693,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/l0rdix-becomes-the-new-swiss-army-knife-of-windows-hacking\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/11\\\/l0rdix-becomes-the-new-swiss-army-knife-of-windows-hacking.png\",\"keywords\":[\"headline,hacker,malware,microsoft,backdoor\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/l0rdix-becomes-the-new-swiss-army-knife-of-windows-hacking\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/l0rdix-becomes-the-new-swiss-army-knife-of-windows-hacking\\\/\",\"name\":\"L0rdix Becomes The New Swiss Army Knife Of Windows Hacking 2026 | ThreatsHub Cybersecurity 
News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/l0rdix-becomes-the-new-swiss-army-knife-of-windows-hacking\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/l0rdix-becomes-the-new-swiss-army-knife-of-windows-hacking\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/11\\\/l0rdix-becomes-the-new-swiss-army-knife-of-windows-hacking.png\",\"datePublished\":\"2018-11-21T14:19:46+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/l0rdix-becomes-the-new-swiss-army-knife-of-windows-hacking\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/l0rdix-becomes-the-new-swiss-army-knife-of-windows-hacking\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/l0rdix-becomes-the-new-swiss-army-knife-of-windows-hacking\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/11\\\/l0rdix-becomes-the-new-swiss-army-knife-of-windows-hacking.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/11\\\/l0rdix-becomes-the-new-swiss-army-knife-of-windows-hacking.png\",\"width\":770,\"height\":578},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/l0rdix-becomes-the-new-swiss-army-knife-of-windows-hacking\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"nam
e\":\"headline,hacker,malware,microsoft,backdoor\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackermalwaremicrosoftbackdoor\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"L0rdix Becomes The New Swiss Army Knife Of Windows Hacking\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/19775","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=19775"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/19775\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/19776"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=19775"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=19775"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=19775"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}