A Look Into Konni 2019 Campaign
2020-01-05 • d-hunter
https://medium.com/d-hunter/a-look-into-konni-2019-campaign-b45a0f321e9b
The report tracks Konni malware campaigns that used malicious macro-enabled Word documents with Korean Peninsula and DPRK foreign-affairs themes. One observed lure targeted Russian-language speakers interested in dialogue between the United States and North Korea. Konni is described as a modular remote-administration tool that performs reconnaissance, exfiltrates data, and can receive additional modules. The analysis notes recurring technique overlaps across campaigns and says Konni activity has been potentially linked to APT37, a North Korea-associated espionage group.
Indicators of Compromise