Openhunting Threat Library

LODEINFO

LODEINFO
(Type: Backdoor)

(JPCERT/CC) LODEINFO communicates with specific hosts and operates according to the commands received from there.

[News Analysis] Trends:

Total Trend: 11

Trend Per Year
6
2020
2
2021
3
2022


Trend Per Month
2
Feb 2020
1
May 2020
2
Jun 2020
1
Nov 2020
1
Jan 2021
1
Feb 2021
2
Oct 2022
1
Dec 2022



[News Analysis] News Mention Another Threat Name:

19 - LODEINFO18 - WellMail18 - EVILNUM18 - Janicab18 - Poet RAT18 - AsyncRAT18 - Ave Maria18 - Cobalt Strike18 - Crimson RAT18 - CROSSWALK18 - Dtrack18 - MoriAgent18 - Okrum18 - PlugX18 - poisonplug18 - Rover18 - ShadowPad18 - SoreFang18 - Winnti1 - TSCookie


[TTP Analysis] Technique Performance:



[TTP Analysis] Mitre Attack Matrix:

TA0043 TA0042 TA0001 TA0002 TA0003 TA0004 TA0005 TA0006 TA0007 TA0008 TA0009 TA0011 TA0010 TA0040
Reconnaissance Resource Development Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact


[Infrastructure Analysis] Based on Related IOC:

IP:Port Timestamp
Domain Timestamp
URL Timestamp


[Target Analysis] Region/Sector:

No information


References:

News Basic Information Indicator of Compromise Mitre Attack

News Article (Credit @Malpedia)

Unmasking MirrorFace: Operation LiberalFace targeting Japanese political entities

2022-12-14 by Dominik Breitenbacher from ESET Research

APT10: Tracking down LODEINFO 2022, part II

2022-10-31 by Suguru Ishimaru from Kaspersky Labs

APT10: Tracking down LODEINFO 2022, part I

2022-10-31 by Suguru Ishimaru from Kaspersky Labs

Further Updates in LODEINFO Malware

2021-02-18 by Kota Kino from JPCERT/CC

Tweet on LODEINFO ver 0.47 spotted ITW targeting Japan

2021-01-19 by JPCERT/CC from Twitter (@jpcert_ac)

APT trends report Q3 2020

2020-11-03 by GReAT from Kaspersky Labs

Analysis of LODEINFO Maldoc

2020-06-20 by msec1203 from Cyber And Ramen blog

マルウエアLODEINFOの進化 (Evolution of Malware LODEINFO)

2020-06-11 by Kota Kino from JPCERT/CC

Cyber Espionage Tradecraft in the Real World Adversaries targeting Japan in the second half of 2019

2020-05-01 by TeamT5 from Macnica Networks

Malware “LODEINFO” Targeting Japan

2020-02-27 by Kota Kino from JPCERT/CC

日本国内の組織を狙ったマルウエアLODEINFO

2020-02-20 by Kota Kino from JPCERT/CC

Basic Information (Credit @etda.or.th)

Tool: LODEINFO

Names: LODEINFO

Description: (JPCERT/CC) LODEINFO communicates with specific hosts and operates according to the commands received from there.

Category: Malware

Type: Backdoor

Information: https://blogs.jpcert.or.jp/en/2020/02/malware-lodeinfo-targeting-japan.html

Information: https://securelist.com/apt10-tracking-down-lodeinfo-2022-part-i/107742/

Information: https://securelist.com/apt10-tracking-down-lodeinfo-2022-part-ii/107745/

Malpedia: https://malpedia.caad.fkie.fraunhofer.de/details/win.lodeinfo

Last-card-change: 2022-12-27

Source: https://apt.etda.or.th/cgi-bin/listtools.cgi

TA0043 TA0042 TA0001 TA0002 TA0003 TA0004 TA0005 TA0006 TA0007 TA0008 TA0009 TA0011 TA0010 TA0040
Reconnaissance Resource Development Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact