Investigating an Unfamiliar File with Synapse - Vertex | lazarus.day

Investigating an Unfamiliar File with Synapse

2024-05-20 • Vertex •

https://vertex.link/blogs/file-investigation/

#Konni #LNK

Thumbnail for Investigating an Unfamiliar File with Synapse

Vertex demonstrated a Synapse investigation beginning with a suspicious SHA256 file and enriching it through VirusTotal, MalwareBazaar, and MITRE ATT&CK data. The workflow connected the sample to Konni-tagged files, Korean tax-themed HWP and LNK lures, ttzcloud.com traffic, and the IP address 88.119.169.96. The article is useful as a practical investigation example for pivoting from one file hash into related DPRK-relevant infrastructure and malware context.

Indicators of Compromise

Type	Value	First Seen	Last Seen
URL	http://ttzcloud.com/upload.php	2023-09-15	2024-08-22
DOMAIN	ttzcloud.com	2023-09-15	2024-08-22
IPv4	88.119.169.96	2024-05-20	2024-05-20
HASH	d245f208d2a682f4d2c4464557973bf…	2023-09-12	2024-05-20

Related Actors

Konni

Cisco Talos

First seen: May 2017

Last seen: Mar 2026

Related Reports

2023-12-18 • 85% Match

Konni组织以邮件安全检查手册为诱饵的窃密行动分析

Qianxin

#Konni #LNK

Shares tags: Konni, LNK • Shares 2 IOCs

2024-06-18 • 80% Match

국세청 사칭 북한의 해킹 그룹 Konni(코니)에서 만든 악성코드-VAT.hwp(2024.6.13)

Sakai

#Konni #LNK

Shares tags: Konni, LNK • Published within a month

2024-06-03 • 80% Match

북한의 해킹 그룹 Konni(코니)에서 만든 악성코드-김명희_20240515.xlsx(2024.5.16)

Sakai

#Konni #LNK

Shares tags: Konni, LNK • Published within a month

2024-05-22 • 80% Match

xxx 토큰 유통량 및 락업 스케줄 로 위장한 Konni(코니) 에서 만든 악성코드-xxx 토큰 유통량 및 락업 스케줄(2024.5.13)

Sakai

#Konni #LNK

Shares tags: Konni, LNK • Published within a week

2024-05-06 • 80% Match

탈세제보로 위장한 Konni(코니) 에서 만든 악성코드-첨부1_소명자료 목록(탈세제보)(2024.4.5)

Sakai

#Konni #LNK

Shares tags: Konni, LNK • Published within a month

2024-07-31 • 70% Match

AutoIt 활용 방어 회피 전술의 코니 APT 캠페인 분석

Genians

#Konni #LNK #AutoIt

Shares tags: Konni, LNK