
Rewterz Threat Alert – LODEINFO Malware

June 15, 2020

Severity

Medium

Analysis Summary

LODEINFO is malware that targets Japanese users. It remains active and could shift its focus to other countries. All known attacks originate from targeted (spear-phishing) emails carrying a Word or Excel attachment, with file names and subjects themed around the new coronavirus, or posing as a résumé or job application sent to a company. When the recipient opens the attachment and enables macros, the macro writes the embedded LODEINFO payload to the host and executes it. The malware is under active development and attacks using it have been confirmed, so further campaigns are likely.

Impact

Exposure of sensitive data

Indicators of Compromise

MD5

  • 327d8070a583bdecc349275b1f018dce
  • e7c9d5568ed5c646c410e3928ab9a093
  • d384e0566e16a45389030606155607c0

SHA-256

  • 65433fd59c87acb8d55ea4f90a47e07fea86222795d015fe03fba18717700849
  • 8c062fef5a04f34f4553b5db57cd1a56df8a667260d6ff741f67583aed0d4701
  • 1cc809788663e6491fce42c758ca3e52e35177b83c6f3d1b3ab0d319a350d77d

SHA-1

  • df51b04b69db55597878c781397fa25cbb69b9a9
  • a3558caf41bac1b3c4ad2cc80945501a3ab99859
  • 35ee986fd35ccd72507328b93e31e9580fd2512c

Remediation

  • Block the hashes listed above at your respective controls (email gateway, endpoint protection, EDR).
  • Search for these IOCs across your existing environment, including mail stores and endpoints that received coronavirus- or résumé-themed Office attachments.
  • Remind users not to enable macros in unsolicited documents; the infection chain above depends on the recipient doing so.
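As an added example of the IOC sweep recommended above (not code from the original advisory or from Rewterz), the script below hashes every file under a directory with MD5, SHA-1 and SHA-256 in a single pass and reports any file whose digest appears in the indicator list copied from this advisory. Function names, the default of scanning all files regardless of extension, and the sample used in the usage note are the example's own assumptions.

```python
"""Hash-based IOC sweep for the LODEINFO indicators in this advisory (added example)."""
import hashlib
import os
from pathlib import Path

# Hash indicators copied from the advisory above, lowercased for comparison.
LODEINFO_IOCS = {
    "md5": {
        "327d8070a583bdecc349275b1f018dce",
        "e7c9d5568ed5c646c410e3928ab9a093",
        "d384e0566e16a45389030606155607c0",
    },
    "sha1": {
        "df51b04b69db55597878c781397fa25cbb69b9a9",
        "a3558caf41bac1b3c4ad2cc80945501a3ab99859",
        "35ee986fd35ccd72507328b93e31e9580fd2512c",
    },
    "sha256": {
        "65433fd59c87acb8d55ea4f90a47e07fea86222795d015fe03fba18717700849",
        "8c062fef5a04f34f4553b5db57cd1a56df8a667260d6ff741f67583aed0d4701",
        "1cc809788663e6491fce42c758ca3e52e35177b83c6f3d1b3ab0d319a350d77d",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256")


def hash_stream(fh, chunk_size=1 << 20):
    """Return {'md5': hex, 'sha1': hex, 'sha256': hex} for a binary stream.

    All three digests are updated from the same read so large files are
    only traversed once.
    """
    digests = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for d in digests.values():
            d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_file(path):
    """Hash a file on disk with all three algorithms."""
    with open(path, "rb") as fh:
        return hash_stream(fh)


def match_iocs(digests, iocs=LODEINFO_IOCS):
    """Return [(algorithm, hash), ...] for every digest found in the IOC set."""
    return [
        (algo, h) for algo, h in digests.items()
        if h.lower() in iocs.get(algo, set())
    ]


def scan_tree(root, iocs=LODEINFO_IOCS, suffixes=None):
    """Walk `root` and return {path: [(algorithm, hash), ...]} for matching files.

    `suffixes` (e.g. (".doc", ".xls", ".exe")) narrows the sweep; the default
    of None hashes every file, since the dropped payload may carry any name.
    """
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if suffixes and path.suffix.lower() not in suffixes:
                continue
            try:
                matches = match_iocs(hash_file(path), iocs)
            except OSError:
                continue  # unreadable or vanished file: skip, do not abort the sweep
            if matches:
                hits[str(path)] = matches
    return hits


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, matches in scan_tree(root).items():
        for algo, h in matches:
            print(f"HIT {path} {algo}={h}")
```

Run it as `python sweep.py /path/to/mail_attachments` (the file name is an assumption). A match on any one algorithm is reported, so a partial indicator list still fires; a hash match is evidence of a known sample only, and a recompiled build of the same malware will not be caught this way, which is why the sweep complements rather than replaces endpoint monitoring.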
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.