Under the Mask: Analysis of Konni Group's Attack Impersonating a Government Software Installer
2024-05-31 • Qihoo360
Konni is a North Korea-linked threat actor that targeted government-related users with MSI installer packages masquerading as legitimate software, including a Russian foreign-ministry-style statistics application. The report explains that the installer drops decoy program components while malicious behavior runs silently in the background, supporting espionage against Russian, Korean, and neighboring government-sector targets.
Indicators of Compromise