Fighting to LODEINFO
Common Information
| Type | Value |
|---|---|
| UUID | e46bb176-d90c-48a8-a96c-fb73f1c1396f |
| Fingerprint | 3406c40e4f15811dd25bf18d09fdc4162a70969d8f6f1b3794af4cea773e2a24 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | None |
| Added to db | March 12, 2024, 8:04 p.m. |
| Last updated | Aug. 31, 2024, 5:25 a.m. |
| Headline | Fighting to LODEINFO |
| Title | Fighting to LODEINFO |
| Detected Hints/Tags/Attributes | 168/4/195 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 71 | blogs.jpcert.or.jp |
|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 911 | any.run |
|
| Details | Domain | 268 | www.virustotal.com |
|
| Details | Domain | 15 | www.macnica.co.jp |
|
| Details | Domain | 19 | www.hybrid-analysis.com |
|
| Details | Domain | 87 | app.any.run |
|
| Details | Domain | 403 | securelist.com |
|
| Details | Domain | 2 | shellcode2vba.py |
|
| Details | Domain | 26 | www.lac.co.jp |
|
| Details | Domain | 15 | www.ipa.go.jp |
|
| Details | Domain | 2 | www.cfiec.jp |
|
| Details | Domain | 2 | www.jpc-net.jp |
|
| Details | Domain | 170 | www.sans.org |
|
| Details | Domain | 3 | vb2020.vblocalhost.com |
|
| Details | Domain | 13 | hitcon.org |
|
| Details | Domain | 20 | insight-jp.nttsecurity.com |
|
| Details | Domain | 5 | www.amebaoor.net |
|
| Details | Domain | 5 | www.evonzae.com |
|
| Details | Domain | 6 | www.dvdsesso.com |
|
| Details | File | 2 | lodeinfo-3.html |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 1 | evolution-of-malware-lodeinfo.html |
|
| Details | File | 3 | sfsdllsample.exe |
|
| Details | File | 3 | sfsdll32.dll |
|
| Details | File | 10 | k7sysmon.exe |
|
| Details | File | 3 | cyberespionage_report_2021_6.pdf |
|
| Details | File | 2 | age_report_2021_6.pdf |
|
| Details | File | 10 | 1.docx |
|
| Details | File | 11 | k7sysmn1.dll |
|
| Details | File | 2 | 4.docx |
|
| Details | File | 2 | shellcode2vba.py |
|
| Details | File | 3 | decoy.doc |
|
| Details | File | 323 | winword.exe |
|
| Details | File | 2 | blob.tmp |
|
| Details | File | 269 | msiexec.exe |
|
| Details | File | 3 | 11554.htm |
|
| Details | File | 3 | 20180521_001638.html |
|
| Details | File | 3 | 2.docm |
|
| Details | File | 2 | いて.doc |
|
| Details | File | 10 | test.doc |
|
| Details | File | 2 | 世界経済アウトルック.doc |
|
| Details | File | 2 | lmane.doc |
|
| Details | File | 2 | 新旧参与会議意見書の比較.doc |
|
| Details | File | 3 | ご案内2.doc |
|
| Details | File | 2 | 確認資料国際法務.doc |
|
| Details | File | 5 | 000106897.pdf |
|
| Details | File | 2 | 20220804_005992.html |
|
| Details | File | 459 | regsvr32.exe |
|
| Details | File | 2 | malware-lodeinfo-targeting-japan.html |
|
| Details | File | 6 | mpressioncss_ta_report_2020_5.pdf |
|
| Details | File | 5 | vb2020.vb |
|
| Details | File | 2 | vb2020-66.pdf |
|
| Details | File | 2 | wnjpit%20and%20lilimrat.pdf |
|
| Details | Github username | 5 | lvandeve |
|
| Details | Github username | 23 | jpcertcc |
|
| Details | Github username | 6 | didierstevens |
|
| Details | Github username | 2 | nflabs |
|
| Details | md5 | 2 | 1871402d3c83b2e15bf516d754458bd4 |
|
| Details | md5 | 3 | 016a974e70bbce6161862e0ac01a0211 |
|
| Details | md5 | 4 | da1c9006b493d7e95db4d354c5f0e99f |
|
| Details | md5 | 3 | ff71fadc33b883de934e632ddb4c6b78 |
|
| Details | md5 | 2 | e7c9d5568ed5c646c410e3928ab9a093 |
|
| Details | md5 | 2 | c031b786cb0a7479cc72d299dab2f0e3 |
|
| Details | md5 | 2 | 327d8070a583bdecc349275b1f018dce |
|
| Details | md5 | 2 | bca533b3336240bc5cc68117408debdf |
|
| Details | md5 | 2 | e6979fdd5f92d68cbbf06889f52f4f32 |
|
| Details | md5 | 5 | cb2fcd4fd44a7b98af37c6542b198f8d |
|
| Details | md5 | 5 | da20ff8988198063b56680833c298113 |
|
| Details | md5 | 4 | a8220a76c2fe3f505a7561c3adba5d4a |
|
| Details | md5 | 2 | bfb70a586ad1a60509dcea8839132662 |
|
| Details | md5 | 4 | 26892038ab19c44ba55c84b20083cdbd |
|
| Details | md5 | 2 | 025aa0aeb7ed182321bc21e5c9f44fc4 |
|
| Details | md5 | 2 | c965bcc3b2bc3d54bc93121ae46eb0b0 |
|
| Details | md5 | 2 | 797b450509e9cad63d30cd596ac8b608 |
|
| Details | md5 | 2 | 57228e857180205643a0e1c1b43a5c3f |
|
| Details | md5 | 2 | fefaa0df12195fc3d90d9393ad3a7840 |
|
| Details | md5 | 2 | 9706c9b6c5133c2a9be5a67da069b97f |
|
| Details | md5 | 2 | b7b97eb5a297e8371b6964a83f4650da |
|
| Details | md5 | 2 | 95b862f508bd2473012065947abc2eb3 |
|
| Details | md5 | 2 | e0b9a79d594e5a05a83e450e7a27637b |
|
| Details | md5 | 2 | f82fbfb10958eb37e0d570c66c180c1b |
|
| Details | md5 | 2 | 82f65647ff02fb0f13880f9158acfbcd |
|
| Details | md5 | 2 | 56cbbea8535c0e8ae967fcdec17db491 |
|
| Details | sha256 | 5 | b50d83820a5704522fee59164d7bc69bea5c834ebd9be7fd8ad35b040910807f |
|
| Details | sha256 | 5 | 1cc809788663e6491fce42c758ca3e52e35177b83c6f3d1b3ab0d319a350d77d |
|
| Details | sha256 | 3 | 8c062fef5a04f34f4553b5db57cd1a56df8a667260d6ff741f67583aed0d4701 |
|
| Details | sha256 | 5 | 65433fd59c87acb8d55ea4f90a47e07fea86222795d015fe03fba18717700849 |
|
| Details | sha256 | 4 | 641d1e752250d27556de774dbb3692d24c4236595ee0e26cc055d4ab5e9cdbe0 |
|
| Details | sha256 | 4 | 73470ea496126133fd025cfa9b3599bea9550abe2c8d065de11afb6f7aa6b5df |
|
| Details | sha256 | 3 | 3fda6fd600b4892bda1d28c1835811a139615db41c99a37747954dcccaebff6e |
|
| Details | sha256 | 3 | f142eecf2defc53a310b3b00ae39ffecc1c345527fdfbfea8ccccd0d69276b41 |
|
| Details | sha256 | 3 | 2169d93f344e3f353444557b9009aef27f1b0a0a8aa3d947b5b8f0b36ef20672 |
|
| Details | sha256 | 3 | d75537d59954ec3cc092378f00b16b6c9935590ef1074cb308e1ed65e922762c |
|
| Details | sha256 | 3 | 1dbf67d7dadba5505073aaf3e4478dd295b074bddf10ac5ac7b80d7fc14bea63 |
|
| Details | sha256 | 3 | fc602ebcf5f9697bedae0e641adfc16985058212f7b9e69dad0f1bf53daf93f9 |
|
| Details | sha256 | 3 | 978ba248c02eb9c130c1459b767527f8a3a9714c6686c12432e027da56f6c553 |
|
| Details | sha256 | 3 | dab7d79644453a7ca61b9b585c1081167dbe5df0da398df2458c1081295f68e6 |
|
| Details | sha256 | 3 | 50cf6841cbc0ce395a23b9a4d2ddac77b11a376929878717e90c9a7430feddc3 |
|
| Details | sha256 | 3 | 88efbc6e883336a0b910b7bcf0ef5c2172d913371db511a59a4a525811173bf1 |
|
| Details | sha256 | 3 | e764f26c3e5bf8467da51fbb33c3d80f026b8fe5bd5a6b84318b3f0aedb667cd |
|
| Details | sha256 | 3 | fde82dcccd471b63f511c6f76dc04e12334818cda8b38f5048b8ad85c9357089 |
|
| Details | sha256 | 2 | a5cf580c1768bb8d28716978fa026b7e2dec4eb5a9c4396ede0c704bfe09ed36 |
|
| Details | sha256 | 2 | 40a650488e94455b181716efba43f082e891e1c6e45d3f1e5ab827de319276c9 |
|
| Details | sha256 | 2 | 5738bf7b27c61c1421b08be98143ab3bc32b779a45d5350f40f689bf268489ed |
|
| Details | sha256 | 2 | 9af72a598dc4a1e10265dcf7da20d6433a9473a338e2fc012f4e490ad721d871 |
|
| Details | sha256 | 2 | 7f32df11846b0a5b4d43d8ce1f7ddcebf9aef6d568ba210534a0b9e246d6561e |
|
| Details | sha256 | 2 | 0abbdee5d3c5191bfb9a3a91712d8b538d6d8a0cc0489b3e5aa10034b2fccd3c |
|
| Details | sha256 | 2 | 5faa813b811236f14fec8e0e7ee9d0135efaf296d6dcb4bd2be8cf3165fa940d |
|
| Details | sha256 | 2 | 31c87d9a84c7996a56024c93787de9332099faf707cd8d0166e5af9d491977b8 |
|
| Details | sha256 | 2 | f53c5fd78000755ccfff11d2f1b7d659f4a71c887083697d54b8fe8cf905ef6a |
|
| Details | sha256 | 2 | a8ec766eee6cc3c6416519f8407ac534f088637ed1a6bc05ed0596d8a0237548 |
|
| Details | sha256 | 2 | a5ce5a179ec56aa6e2bc86be77df07b15650cdbcbca046515263fe16b8e2a036 |
|
| Details | sha256 | 2 | 8260b1e80eeff2e0b39f782eebfa9460b00ebef480c3fed6fbccf8cfc67dbef9 |
|
| Details | sha256 | 2 | ed82f4fff39fbdcbefdbcb0a9c9ae6fb689f6db64f94bd8eb6c924fd0409792c |
|
| Details | sha256 | 2 | 8f51b5bdb9b7234426fa8fdfbfac9eb46d650c6a22c9ed49ab8f0fc09e5d76a5 |
|
| Details | IPv4 | 5 | 45.77.28.124 |
|
| Details | IPv4 | 5 | 172.105.223.216 |
|
| Details | IPv4 | 4 | 202.182.108.127 |
|
| Details | IPv4 | 6 | 103.175.16.39 |
|
| Details | IPv4 | 6 | 5.8.95.174 |
|
| Details | IPv4 | 5 | 172.104.112.218 |
|
| Details | IPv4 | 5 | 45.67.231.169 |
|
| Details | IPv4 | 3 | 45.76.216.40 |
|
| Details | IPv4 | 5 | 162.244.32.148 |
|
| Details | IPv4 | 3 | 103.140.45.71 |
|
| Details | IPv4 | 5 | 193.228.52.57 |
|
| Details | IPv4 | 5 | 139.180.192.19 |
|
| Details | IPv4 | 5 | 103.27.184.27 |
|
| Details | IPv4 | 3 | 167.179.84.162 |
|
| Details | IPv4 | 5 | 103.140.187.183 |
|
| Details | IPv4 | 5 | 167.179.65.11 |
|
| Details | IPv4 | 3 | 103.204.172.210 |
|
| Details | IPv4 | 4 | 130.130.121.44 |
|
| Details | IPv4 | 3 | 133.130.121.44 |
|
| Details | IPv4 | 4 | 118.107.11.135 |
|
| Details | IPv4 | 4 | 172.104.72.4 |
|
| Details | IPv4 | 3 | 167.179.101.46 |
|
| Details | IPv4 | 4 | 172.105.230.196 |
|
| Details | IPv4 | 3 | 167.179.112.74 |
|
| Details | IPv4 | 3 | 172.104.78.44 |
|
| Details | IPv4 | 5 | 172.105.232.89 |
|
| Details | IPv4 | 3 | 108.61.201.135 |
|
| Details | IPv4 | 3 | 194.68.27.49 |
|
| Details | IPv4 | 3 | 139.162.112.40 |
|
| Details | MITRE ATT&CK Techniques | 32 | T1583.004 |
|
| Details | MITRE ATT&CK Techniques | 310 | T1566.001 |
|
| Details | MITRE ATT&CK Techniques | 310 | T1047 |
|
| Details | MITRE ATT&CK Techniques | 137 | T1059.005 |
|
| Details | MITRE ATT&CK Techniques | 365 | T1204.002 |
|
| Details | MITRE ATT&CK Techniques | 380 | T1547.001 |
|
| Details | MITRE ATT&CK Techniques | 227 | T1574.002 |
|
| Details | MITRE ATT&CK Techniques | 28 | T1027.007 |
|
| Details | MITRE ATT&CK Techniques | 40 | T1027.009 |
|
| Details | MITRE ATT&CK Techniques | 504 | T1140 |
|
| Details | MITRE ATT&CK Techniques | 440 | T1055 |
|
| Details | MITRE ATT&CK Techniques | 33 | T1614.001 |
|
| Details | MITRE ATT&CK Techniques | 1006 | T1082 |
|
| Details | MITRE ATT&CK Techniques | 585 | T1083 |
|
| Details | MITRE ATT&CK Techniques | 29 | T1560.002 |
|
| Details | MITRE ATT&CK Techniques | 219 | T1113 |
|
| Details | MITRE ATT&CK Techniques | 118 | T1056.001 |
|
| Details | MITRE ATT&CK Techniques | 442 | T1071.001 |
|
| Details | MITRE ATT&CK Techniques | 130 | T1573.001 |
|
| Details | MITRE ATT&CK Techniques | 40 | T1132.002 |
|
| Details | MITRE ATT&CK Techniques | 422 | T1041 |
|
| Details | MITRE ATT&CK Techniques | 472 | T1486 |
|
| Details | MITRE ATT&CK Techniques | 93 | T1485 |
|
| Details | Threat Actor Identifier - APT | 278 | APT10 |
|
| Details | Url | 1 | https://blogs.jpcert.or.jp/en/2021/02/lodeinfo-3.html |
|
| Details | Url | 3 | https://github.com/lvandeve/lodepng |
|
| Details | Url | 1 | https://blogs.jpcert.or.jp/en/2020/06/evolution-of-malware-lodeinfo.html |
|
| Details | Url | 2 | https://github.com/jpcertcc/jpcert-yara/blob/main/other/lodeinfo.yara |
|
| Details | Url | 43 | https://www.virustotal.com |
|
| Details | Url | 3 | https://www.macnica.co.jp/business/security |
|
| Details | Url | 2 | https://www.hybrid-analysis.com/yara-search |
|
| Details | Url | 7 | https://app.any.run |
|
| Details | Url | 2 | https://www.macnica.co.jp/b |
|
| Details | Url | 2 | https://securelist.com/apt10-tracking-down-lodeinfo-2022-part-i |
|
| Details | Url | 2 | https://github.com/didierstevens/didierstevenssuite/blob |
|
| Details | Url | 3 | https://www.lac.co.jp/lacwatch/people/20180521_001638.html |
|
| Details | Url | 3 | https://www.ipa.go.jp/files/000106897.pdf |
|
| Details | Url | 2 | https://www.cfiec.jp/2022-08-07 |
|
| Details | Url | 2 | https://www.jpc-net.jp/news/detail/20220804_005992.html |
|
| Details | Url | 2 | https://www.sans.org/white-papers/36240 |
|
| Details | Url | 2 | https://blogs.jpcert.or.jp/en/2020/02/malware-lodeinfo-targeting-japan.html |
|
| Details | Url | 6 | https://www.macnica.co.jp/business/security/manufacturers/files/mpressioncss_ta_report_2020_5.pdf |
|
| Details | Url | 2 | https://vb2020.vblocalhost.com/uploads/vb2020-66.pdf |
|
| Details | Url | 2 | https://hitcon.org/2021/agenda/6d88317b-4d90-4249-ba87- |
|
| Details | Url | 3 | https://www.macnica.co.jp/business/security/cyberespionage_report_2021_6.pdf |
|
| Details | Url | 2 | https://securelist.com/apt10-tracking-down-lodeinfo-2022-part-ii |
|
| Details | Url | 2 | https://www.welivesecurity.com/2022/12/14/unmasking-mirrorface-operation-liberalface-targeting-japanese- |
|
| Details | Url | 1 | https://insight-jp.nttsecurity.com/post/102hojk/operation-restylink-apt-campaign-targeting-japanese- |
|
| Details | Url | 2 | https://github.com/nflabs/aa_tools/tree/main/lodeinfo |