North Korea-Linked Konni APT Group – Active IOCs
2024-12-23 • Rewterz •
https://www.rewterz.com/threat-advisory/north-korea-linked-konni-apt-group-active-iocs-37739
This APT group was detected targeting the Russian diplomatic sector in January 2022, employing a spear phishing theme for New Year's Eve festivities as bait. The North Korean hacker group distributes Konni RAT via phishing messages or emails. KONNI has been linked to various alleged North Korean attacks targeting political groups in Russia, East Asia, Europe, and the Middle East. It is believed to be based in North Korea and is known for targeting government agencies and organizations in South Korea and the United States.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| HASH | f9ec5982db1f1719d25337dc045f11c… | 2024-12-23 | 2024-12-23 |
| HASH | 5c88f02ebe01437130b82c4d5e87504f | 2024-12-23 | 2024-12-23 |
| HASH | c94e58f134c26c3dc25f69e4da81d75… | 2024-12-23 | 2024-12-23 |
| HASH | 2eebb492567f5d4727c2812a151ead68 | 2024-12-23 | 2024-12-23 |
| HASH | 33f7b924363ca6cd73e0860466b9c91… | 2024-12-23 | 2024-12-23 |
| HASH | 3b67217507e0c44bd7a4cfafed0e895… | 2024-12-23 | 2024-12-23 |
| IPv4 | 64.227.161.158 | 2024-12-23 | 2024-12-23 |
Related Actors
Related Reports
Shares tag: Konni • Same author: Rewterz • Published within a month
2025-01-20 •
80% Match
An exploratory analysis of the DPRK cyber threat landscape using publicly available reports
lazarusholic
Shares tag: Konni • Published within a month
Shares tag: Konni • Same author: Rewterz
Shares tag: Konni • Same author: Rewterz
Shares tag: Konni
Shares tag: Konni