Konni APT Campaign Targeting the Unification and North Korean Human Rights Fields
2023-09-26 • Genians • Konni APT campaign targeting unification and North Korean human rights fields •
https://www.genians.co.kr/hubfs/blogfile/20230926_threat_inteligence_report_konniapt.pdf
Konni APT targeted South Korea's unification and North Korean human-rights communities with spear-phishing emails that impersonated government or civic-event material. Genians documents lures tied to the NCNKHR founding meeting and to Ministry of Unification reorganization material, delivered as ZIP archives containing LNK files with double extensions that posed as XLSX or PDF documents. When opened, the LNK ran embedded malicious commands together with VBS and BAT scripts, partly obfuscated, and used compromised Korean websites as intermediate infrastructure to exfiltrate host information and support follow-on activity. The report maps the campaign with Genian EDR telemetry and notes overlap with earlier Konni campaigns, including tax-themed and internet-bank security-mail lures.
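A defender-side check for the delivery format the summary describes, added here as an example and not code from the Genians report: it opens a mailed ZIP and flags members that are LNK shortcuts wearing a document-style double extension, LNK shortcuts under any name, files whose bytes start with the Windows shortcut header although their name says otherwise, and files whose MD5 appears in the indicator table below. The shortcut header bytes are the documented MS-SHLLINK HeaderSize and LinkCLSID; everything else (the extension list beyond XLSX and PDF, the sample archive, the function names) is an assumption made for the example.

```python
import hashlib
import io
import zipfile
from pathlib import PurePosixPath

# Document types a shortcut is dressed up as. XLSX and PDF are the decoys named
# in the report; the remaining entries are assumptions covering other common lures.
DECOY_EXTENSIONS = {".xlsx", ".xls", ".docx", ".doc", ".pdf", ".hwp", ".pptx"}

# Fixed start of a Windows shortcut: HeaderSize 0x4C followed by the
# LinkCLSID 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_MAGIC = bytes.fromhex("4c000000" "01140200" "00000000" "c0000000" "00000046")

# A subset of the MD5 values from the indicator table on this page (labelled HASH there).
KNOWN_BAD_MD5 = {
    "75375c22c72f1beb76bea39c22a1ed68",
    "7336068f2c5ed3ed154b6c8b1d72726a",
    "37726543ff0bf6067ffa06e3dec8823d",
    "d7d48592bc21b37c02891e0e036bf26c",
}


def is_double_extension_lnk(member_name: str) -> bool:
    """True for names like 'invite.pdf.lnk': the inner extension imitates a
    document, the outer .lnk (hidden by default in Explorer) is what runs."""
    suffixes = [s.lower() for s in PurePosixPath(member_name).suffixes]
    return len(suffixes) >= 2 and suffixes[-1] == ".lnk" and suffixes[-2] in DECOY_EXTENSIONS


def scan_zip(archive_bytes: bytes) -> list[tuple[str, str]]:
    """Return (member name, reason) for every member worth quarantining.
    Order of checks: known hash, then name-based LNK checks, then content."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Normalise separators so a Windows-built archive is handled too.
            base = info.filename.replace("\\", "/").rsplit("/", 1)[-1]
            content = zf.read(info)
            if hashlib.md5(content).hexdigest() in KNOWN_BAD_MD5:
                findings.append((info.filename, "MD5 matches known IoC"))
            elif is_double_extension_lnk(base):
                findings.append((info.filename, "double-extension LNK"))
            elif base.lower().endswith(".lnk"):
                findings.append((info.filename, "LNK shortcut inside mailed archive"))
            elif content.startswith(LNK_MAGIC):
                findings.append((info.filename, "LNK header under a non-LNK name"))
    return findings


def build_sample_zip() -> bytes:
    """Constructed test archive (not a real sample): one lure shaped like the
    report describes, one shortcut hiding behind a plain .pdf name, one real PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("NCNKHR_founding_meeting.xlsx.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("reorg_notice.pdf", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("agenda.pdf", b"%PDF-1.4\n%constructed benign placeholder\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in scan_zip(build_sample_zip()):
        print(f"{name}: {reason}")
```

The content check matters because a mail gateway that only keys on the `.lnk` suffix misses a shortcut renamed to `.pdf`; Windows still identifies the file by its header when the name is later restored or the file is dropped by a script. Hash matching is last-resort coverage: the double-extension and header rules catch variants whose hashes are not yet in any list.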
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| HASH | 75375c22c72f1beb76bea39c22a1ed68 | 2023-09-26 | 2026-01-14 |
| DOMAIN | resolver1.opendns.com | 2023-05-05 | 2023-12-18 |
| URL | http://anrun.kr/movie/contents.… | 2023-09-26 | 2023-11-24 |
| URL | http://anrun.kr/movie/contents.… | 2023-09-01 | 2023-11-24 |
| DOMAIN | anrun.kr | 2023-09-01 | 2023-11-24 |
| IPv4 | 121.254.129.93 | 2023-09-26 | 2023-10-27 |
| HASH | 7336068f2c5ed3ed154b6c8b1d72726a | 2023-09-26 | 2023-10-16 |
| IPv4 | 5.8.71.81 | 2023-06-09 | 2023-10-16 |
| DOMAIN | naver-file.com | 2023-05-01 | 2023-10-16 |
| HASH | 37726543ff0bf6067ffa06e3dec8823d | 2023-09-26 | 2023-09-26 |
| HASH | 45aca657889ac60f1ee129c5c8442cdb | 2023-09-26 | 2023-09-26 |
| HASH | 75ca52afafe3fe6c053da9f1db90590a | 2023-09-26 | 2023-09-26 |
| HASH | 168bcc063501d191d82aaa3a32741a12 | 2023-09-26 | 2023-09-26 |
| HASH | f52e3524e842d3df01088914692b283e | 2023-09-26 | 2023-09-26 |
| HASH | 740f4dcb8d64c0bc7bb6998648a48767 | 2023-09-26 | 2023-09-26 |
| HASH | 90468e4bdf61cf146030515ed3e15d81 | 2023-09-26 | 2023-09-26 |
| HASH | bc3fb948dc956f79dbc7aac06442d6ef | 2023-09-26 | 2023-09-26 |
| HASH | 1516d5382ac2af37d47ba1ccbc22146… | 2023-09-26 | 2023-09-26 |
| HASH | e9f7e2eaf7f299d0ae4a4625eda8c5b… | 2023-09-26 | 2023-09-26 |
| HASH | 6b944c9dc4b760fffb56adf4fecf6764 | 2023-09-26 | 2023-09-26 |
| DOMAIN | m.co.kr | 2023-09-26 | 2023-09-26 |
| DOMAIN | ddmccic.or.kr | 2023-09-26 | 2023-09-26 |
| DOMAIN | m2comm.co.kr | 2023-09-26 | 2023-09-26 |
| IPv4 | 112.222.52.98 | 2023-09-26 | 2023-09-26 |
| IPv4 | 116.122.157.24 | 2023-09-26 | 2023-09-26 |
| HASH | d7d48592bc21b37c02891e0e036bf26c | 2023-09-01 | 2023-09-26 |
| HASH | b86c38ae5c24c55831d7f8ca3cbeb814 | 2023-09-01 | 2023-09-26 |
| HASH | 26f69f8917f6890f26ec5b10611df092 | 2023-09-01 | 2023-09-26 |
| HASH | 892bd45372876d29e883e114981e311b | 2023-09-01 | 2023-09-26 |
| HASH | ff4067b4865c9b49da2f28ac12ca5c1a | 2023-09-01 | 2023-09-26 |
| HASH | db31a36e1684c568fa3529d60a59ba29 | 2023-09-01 | 2023-09-26 |
| DOMAIN | naver-storage.com | 2023-05-01 | 2023-09-26 |
| DOMAIN | daum-store.com | 2023-05-01 | 2023-09-26 |
| DOMAIN | nate-download.com | 2023-05-01 | 2023-09-26 |