Spot the Difference: Earth Kasha's New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella
Tags
cmtmf-attack-pattern: Exploit Public-Facing Application Process Injection
country: China India Japan Thailand Taiwan United States Of America
attack-pattern: Data Direct Model Credentials - T1589.001 Dll Side-Loading - T1574.002 Domains - T1583.001 Domains - T1584.001 Exploit Public-Facing Application - T1377 Exploits - T1587.004 Exploits - T1588.005 Group Policy Preferences - T1552.006 Malware - T1587.001 Malware - T1588.001 Msbuild - T1127.001 Network Devices - T1584.008 Ntds - T1003.003 Process Injection - T1631 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Software - T1592.002 Windows Service - T1543.003 Tool - T1588.002 Vulnerabilities - T1588.006 Connection Proxy - T1090 Dll Side-Loading - T1073 Exploit Public-Facing Application - T1190 Process Injection - T1055 Scheduled Task - T1053 Exploit Public-Facing Application
Show in Graph
Common Information
Type Value
UUID 27f150f8-b59c-4a19-bad5-e1b6ab41a1c3
Fingerprint bc5180d164efad4b
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 19, 2024, midnight
Added to db Nov. 19, 2024, 10:09 a.m.
Last updated Nov. 20, 2024, 5:36 p.m.
Headline Spot the Difference: Earth Kasha's New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella
Title Spot the Difference: Earth Kasha's New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella
Detected Hints/Tags/Attributes 130/3/39
Source URLs
Redirection Url
Details Source https://www.trendmicro.com/en_us/research/24/k/lodeinfo-campaign-of-earth-kasha.html
URL Provider
Details Provider Source level domain
Details trendmicro.com www.trendmicro.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 119 Trend Micro Research, News and Perspectives https://feeds.feedburner.com/TrendMicroSimplySecurity 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 4 
cve-2023-28461
Details CVE 5 
cve-2023-45727
Details CVE 111 
cve-2023-27997
Details CVE 31 
cve-2013-3900
Details CVE 36 
cve-2023-3466
Details CVE 44 
cve-2023-3467
Details CVE 154 
cve-2023-3519
Details Domain 1 
earth.hopto.org
Details File 15 
csvde.exe
Details File 50 
nltest.exe
Details File 18 
quser.exe
Details File 3 
all.csv
Details File 3 
schetasks.exe
Details File 120 
sc.exe
Details File 4 
sfsdllsample.exe
Details File 4 
sfsdll32.dll
Details File 2 
mssitlb.xml
Details File 2 
uianimation.xml
Details File 2 
shiftjis.dat
Details File 2 
contrast-white.dat
Details File 6 
list.xlsx
Details File 2 
diagram.xlsx
Details File 5 
rdrleakdiag.exe
Details File 10 
tabcal.exe
Details File 752 
kernel32.dll
Details File 4 
symstore.exe
Details File 41 
wuauclt.exe
Details File 1 
mru.dat
Details File 1 
sqlstudio.bin
Details File 3 
%temp%\31558.txt
Details File 2136 
cmd.exe
Details md5 2 
3B27D4EEFBC6137C23BD612DC7C4A817
Details md5 2 
9AA5BB92E9D1CD212EFB0A5E9149B7E5
Details md5 2 
3C7660B04EE979FDC29CD7BBFDD05F23
Details md5 2 
12E2FC6C22B38788D8C1CC2768BD2C76
Details md5 2 
2D3D5C19A771A3606019C8ED1CD47FB5
Details Threat Actor Identifier - APT 284 
APT10
Details Windows Registry Key 2 
HKLM\Software\Microsoft\SQMClient\MachineId
Details Windows Registry Key 1 
HKCU\SOFTWARE\Microsoft\COM3