Details of APT group Konni's latest attack on South Korea exposed
2024-07-12 • Threat Book • Latest Konni APT attack details targeting South Korea exposed
According to the archived source, Konni activity against South Korean targets used spear-phishing lures and LNK files to launch a compiled AutoIt payload with low detection coverage. The reporting highlights payload hosting on compromised websites, Korean RTP engineering, and tax or North Korea market-research targets, and lists the sample SHA-256 d7f9185ffc17b3d6f1fd91eafbf9ccc42e2d75c338571a03aec2fd44993e3d37. This makes LNK execution, AutoIt interpreters, and short-lived external payload staging the key areas for detection.
Indicators of Compromise