Analysis of a Konni APT Campaign Impersonating the National Police Agency and the National Human Rights Commission
2025-04-01 • Genians • Analysis of a Konni APT Campaign Impersonating the Police and National Human Rights Commission
https://www.genians.co.kr/blog/threat_intelligence/konni_disguise
Genians analyzes a Konni APT campaign impersonating South Korean government bodies, including the National Human Rights Commission and police investigators, to pressure targets with spear-phishing themes. The activity uses spoofed sender identities, conversational lures, and staged trust-building before delivering malicious files, including LNK shortcuts and AutoIt scripts rather than only conventional executables or documents. The report highlights targeting of North Korean human-rights and defector-related communities and recommends behavior-based endpoint detection and managed response to hunt non-executable malware delivery.
Indicators of Compromise