APT10 HUNTER RISE ver3.0: Repel new malware LODEINFO, DOWNJPIT and LilimRAT

First discovered in December 2019 by JPCERT/CC, LODEINFO is a fileless backdoor that was seen being delivered via spear-phishing emails to some Japanese organizations, such as the media, diplomatic organizations, public agencies, the defense sector, and a think tank. This malware is still being actively deployed in APT campaigns, as shown by the discovery of a new version of LODEINFO, v0.4.9, in April 2021.

Kaspersky has been closely tracking the APT actor's activity using LODEINFO. In doing so, we have found previously undiscovered malware, such as DOWNJPIT and LILIM RAT, related to LODEINFO.

Through this presentation, I will share the investigation results of these two pieces of malware, which have yet to be reported on by the security community, and shed light on their association with previous activities by APT10.