North Korea-Linked Konni APT Group – Active IOCs
2025-04-03 • Rewterz
https://rewterz.com/threat-advisory/north-korea-linked-konni-apt-group-active-iocs-14
Rewterz summarizes active indicators tied to the North Korea-linked Konni APT, a cyber-espionage group active since at least 2014. The source describes Konni RAT delivery through phishing messages or emails, with weaponized files leading to implants that collect victim information, capture screenshots, steal files, and provide a remote interactive shell. It cites targeting of government and political organizations in South Korea, the United States, Russia, East Asia, Europe, and the Middle East, including a January 2022 Russian diplomatic-sector lure themed around New Year's Eve. The advisory provides domains and hashes for blocking and hunting related Konni activity.