Hackers Are Implementing Multiple Backdoors Against Industries Established in Japan!

On 28th March 2020, security researchers disclosed the details of another critical campaign that executes multiple malicious backdoors and exfiltrates information from numerous industries located in Japan.

According to the researchers, these backdoors are part of an updated attack undertaken by APT10, which uses undocumented malware that delivers three payloads: SodaMaster, P8RAT, and FYAnti.

What Followed Specifically?

The long-running intelligence-gathering operation came to notice in March, and the attacks identified specifically targeted organizations linked to Japan, along with 17 more regions across the world.

These attacks were disclosed by the experts in January 2021. The multi-stage attack chain begins with an initial intrusion that abuses SSL-VPN, exploiting unpatched vulnerabilities or using stolen credentials and other data.


Multiple cyber experts said that the center of this entire campaign is malware named Ecipekac, a complicated four-layer loading scheme that makes use of four files: it loads and decrypts fileless loader modules one after another and then executes the final payload in the victim's memory.

The main purpose of P8RAT and SodaMaster is to install and run payloads retrieved from the hackers through an established remote-controlled server, which is used to deliver the malware into the Windows system.

The third payload, named FYAnti, is a multi-layered module that is also a loader: it is executed through two or more successive layers that deploy a final-stage remote access Trojan identified as QuasarRAT or xRAT.

Summing Up

The experts also said that the operations and implants of this campaign are very tough to track, and its other activities are remarkably stealthy. The main feature of this malware is that it implants anti-VM checks and removes traces of its activities.
