New variant of Konni malware used in campaign targetting Russia

2021-08-20 Malwarebytes

https://blog.malwarebytes.com/threat-intelligence/2021/08/new-variant-of-konni-malware-used-in-campaign-targetting-russia/


This blog post was authored by Hossein Jazi.

In late July 2021, we identified an ongoing spear phishing campaign pushing Konni RAT to target Russia. Konni was first observed in the wild in 2014 and has been potentially linked to the North Korean APT group named APT37. Konni is a RAT that is potentially used by APT37 to target its victims. In those campaigns the actor used Russian-language lures to target Russia.

Indicators of Compromise

