North Korea-Linked Konni APT Group – Active IOCs
2025-01-07 • Rewterz
https://www.rewterz.com/threat-advisory/north-korea-linked-konni-apt-group-active-iocs-13
The Konni APT group was detected targeting the Russian diplomatic sector in January 2022, using a New Year's Eve festivities theme as a spear-phishing lure. The North Korean hacker group distributes Konni RAT via phishing messages or emails. Konni has been linked to various alleged North Korean attacks targeting political groups in Russia, East Asia, Europe, and the Middle East. The group is believed to be based in North Korea and is known for targeting government agencies and organizations in South Korea and the United States.
Indicators of Compromise