
Global Chain of Deception: Unraveling the Konni Campaign's Cyber Intrigue
Tags: Konni, KONNI, win.konni, APT37
This campaign uses a Remote Access Trojan (RAT) to exfiltrate information from compromised devices and execute operator commands. Active for years, it has relied on a variety of initial-access and payload-delivery methods. Most recently, FortiGuard Labs detected a Russian-language Word document carrying a malicious macro. Although the document was created in September, activity on the campaign's command-and-control (C2) server continues.
Indicators of Compromise (domains)
Indicator         Source     Date
m2jymd.c1.biz     SOCRadar   2023-11-29
3pl0y5.c1.biz     SOCRadar   2023-11-29
9b31n8.c1.biz     SOCRadar   2023-11-29
glws5m.c1.biz     SOCRadar   2023-11-29
rziju6.c1.biz     SOCRadar   2023-11-29
7qnbae.c1.biz     SOCRadar   2023-11-29
bg5pl1.c1.biz     SOCRadar   2023-11-29
ewqqa4.c1.biz     SOCRadar   2023-11-29
558ga9.c1.biz     SOCRadar   2023-11-29
kmdqj1.c1.biz     SOCRadar   2023-11-29
3897lb.c1.biz     SOCRadar   2023-11-29
aocsff.c1.biz     SOCRadar   2023-11-29
6e2nbc.c1.biz     SOCRadar   2023-11-29
b91stf.c1.biz     SOCRadar   2023-11-29
vqt9i1.c1.biz     SOCRadar   2023-11-29
pm90p1.c1.biz     SOCRadar   2023-11-29
ouvxu2.c1.biz     SOCRadar   2023-11-29
dpgbep.c1.biz     SOCRadar   2023-11-29
pxyunf.c1.biz     SOCRadar   2023-11-29
caoy9n.c1.biz     SOCRadar   2023-11-29
niubab.com        SOCRadar   2023-11-29
gaweeweb.com      SOCRadar   2023-11-29
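The indicators above are only useful once they are matched against telemetry. The following PowerShell is an added example (not code from SOCRadar or from the campaign report) that looks up the listed C2 domains in DNS query records, matching subdomains of an indicator as well as the exact name while not firing on the shared parent `c1.biz`. The log lines are constructed for the example in a Sysmon Event ID 22-style `QueryName=` layout; adapt the regex to whatever your DNS or EDR source actually emits.

```powershell
# Added example (not from the SOCRadar page): match Konni C2 domains against DNS
# query records. The sample log lines below are constructed, not real telemetry.

$KonniIocs = @(
    'm2jymd.c1.biz','3pl0y5.c1.biz','9b31n8.c1.biz','glws5m.c1.biz','rziju6.c1.biz',
    '7qnbae.c1.biz','bg5pl1.c1.biz','ewqqa4.c1.biz','558ga9.c1.biz','kmdqj1.c1.biz',
    '3897lb.c1.biz','aocsff.c1.biz','6e2nbc.c1.biz','b91stf.c1.biz','vqt9i1.c1.biz',
    'pm90p1.c1.biz','ouvxu2.c1.biz','dpgbep.c1.biz','pxyunf.c1.biz','caoy9n.c1.biz',
    'niubab.com','gaweeweb.com'
)

function Find-KonniDnsHits {
    param(
        [Parameter(Mandatory)][string[]]$LogLines,
        [string[]]$Indicators = $KonniIocs
    )
    # Case-insensitive hash set for O(1) lookups.
    $set = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    foreach ($i in $Indicators) { [void]$set.Add($i) }

    foreach ($line in $LogLines) {
        # Constructed format: <timestamp> <host> <process image> QueryName=<fqdn>
        if ($line -notmatch 'QueryName=(?<q>[A-Za-z0-9.\-]+)') { continue }
        $q = $Matches.q.TrimEnd('.')           # drop a trailing root dot
        # Walk the label chain so "www.niubab.com" still hits "niubab.com".
        # The loop stops before the last label, so a bare TLD never matches,
        # and "c1.biz" itself is not in the set, so the shared parent is ignored.
        $labels = $q.Split('.')
        for ($n = 0; $n -lt $labels.Count - 1; $n++) {
            $candidate = ($labels[$n..($labels.Count - 1)]) -join '.'
            if ($set.Contains($candidate)) {
                [pscustomobject]@{ Indicator = $candidate; Query = $q; Line = $line }
                break
            }
        }
    }
}

# Constructed sample DNS telemetry; the second and third lines should be reported.
$sample = @(
    '2023-11-29T08:01:12Z WKS-17 C:\Windows\System32\svchost.exe QueryName=update.microsoft.com',
    '2023-11-29T08:01:40Z WKS-17 C:\Windows\System32\wscript.exe QueryName=3pl0y5.c1.biz',
    '2023-11-29T08:02:05Z WKS-17 C:\Windows\System32\cmd.exe QueryName=www.NIUBAB.com.',
    '2023-11-29T08:02:33Z WKS-17 C:\Windows\System32\svchost.exe QueryName=c1.biz'
)

Find-KonniDnsHits -LogLines $sample | Format-Table -AutoSize
```

On a live host the same function can be fed `Get-WinEvent -LogName 'Microsoft-Windows-Sysmon/Operational' -FilterXPath '*[System[EventID=22]]'` messages, or exported resolver logs; the `c1.biz` entries are free dynamic-DNS hosts, so an alert on one of them is a strong signal even though the parent domain is benign.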
APT Groups (1)
APT37 (Korea, Democratic People's Republic of)
Aliases: Moldy Pisces, Ruby Sleet, TEMP.Reaper, Reaper, Red Eyes, Crooked Pisces, Group 123, Ricochet Chollima, APT 37, ITG10, Opal Sleet, InkySquid, ScarCruft, ATK 4, Geumseong121, Cerium, Osmium, Hermit, Venus 121
Campaign Guidance
Remediation, mitigation, notes, history and related intelligence
REMEDIATIONS
Disabling Macros: Prevent the execution of macros in Microsoft Office documents, especially from unknown sources.
Cyber Security Awareness: Train users to be cautious about enabling macros and to recognize phishing attempts or suspicious documents.
Enhanced Monitoring: Implement monitoring for unusual script executions, Registry changes, and creation of new services, particularly those that mimic legitimate service names.
Regular System Scans: Conduct frequent scans for suspicious files and activities, particularly focusing on temporary folders and system directories.
Network Segmentation: Limit the spread of malware by segmenting networks and restricting access to critical resources.
Incident Response Plan: Have a robust incident response plan to quickly address any signs of infection.
Regular Software Updates: Ensure that all software, including operating systems and antivirus products, is kept updated to the latest version.
UAC Settings: Configure User Account Control settings to prompt for credentials or approval for any changes that may affect system configuration or security.
These strategies can help mitigate the risks posed by the KONNI malware and similar threats.
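Three of the recommendations above (macro blocking, UAC settings, and monitoring for new or oddly-located services) map directly to Windows policy values and event log data. The following PowerShell is an added example, not part of the SOCRadar guidance, that audits those controls and optionally applies the hardened values. The registry paths and values are Microsoft's documented Office 16.0 macro policy and UAC policy settings; the Office paths assume Office 2016/2019/365 (the `16.0` key) and cover Word and Excel only, which is an assumption you should widen for other Office apps or versions. Run it elevated.

```powershell
# Added example (not from the SOCRadar page): audit the macro, UAC and service
# controls recommended above on a Windows host. Run elevated; -Remediate writes
# the hardened values. Assumes Office 16.0 (2016/2019/365) policy keys.

function Test-KonniHardening {
    [CmdletBinding()]
    param([switch]$Remediate)

    $checks = @(
        # VBAWarnings 4 = disable all macros without notification.
        # blockcontentexecutionfrominternet 1 = block macros in files carrying Mark-of-the-Web.
        @{ Path='HKCU:\Software\Policies\Microsoft\Office\16.0\Word\Security';  Name='VBAWarnings';                       Expected=4 },
        @{ Path='HKCU:\Software\Policies\Microsoft\Office\16.0\Word\Security';  Name='blockcontentexecutionfrominternet'; Expected=1 },
        @{ Path='HKCU:\Software\Policies\Microsoft\Office\16.0\Excel\Security'; Name='VBAWarnings';                       Expected=4 },
        @{ Path='HKCU:\Software\Policies\Microsoft\Office\16.0\Excel\Security'; Name='blockcontentexecutionfrominternet'; Expected=1 },
        # UAC: EnableLUA 1 = UAC on; ConsentPromptBehaviorAdmin 2 = prompt for consent on the
        # secure desktop (use 1 to require credentials); PromptOnSecureDesktop 1 = the prompt
        # cannot be overdrawn by a user-mode window.
        @{ Path='HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name='EnableLUA';                  Expected=1 },
        @{ Path='HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name='ConsentPromptBehaviorAdmin'; Expected=2 },
        @{ Path='HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name='PromptOnSecureDesktop';      Expected=1 }
    )

    foreach ($c in $checks) {
        $actual = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
        $ok = ($null -ne $actual) -and ([int]$actual -eq $c.Expected)
        if (-not $ok -and $Remediate) {
            if (-not (Test-Path $c.Path)) { New-Item -Path $c.Path -Force | Out-Null }
            Set-ItemProperty -Path $c.Path -Name $c.Name -Value $c.Expected -Type DWord
            $ok = $true
        }
        [pscustomobject]@{ Setting = "$($c.Path)\$($c.Name)"; Expected = $c.Expected; Actual = $actual; Compliant = $ok }
    }
}

function Get-RecentServiceInstall {
    param([int]$Days = 7)
    # Service Control Manager event 7045 is written for every newly installed service;
    # properties 0 and 1 are the service name and image path.
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045; StartTime = (Get-Date).AddDays(-$Days) } -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{ Time = $_.TimeCreated; ServiceName = $_.Properties[0].Value; ImagePath = $_.Properties[1].Value }
        }
}

function Find-SuspiciousService {
    # Flags services whose binary lives in a temp or user-writable location, the pattern
    # the monitoring recommendation above calls out. ProgramData hosts legitimate services
    # too, so treat those hits as leads to review rather than verdicts.
    $suspectRoots = @($env:TEMP, $env:LOCALAPPDATA, $env:APPDATA,
                      "$env:SystemDrive\Users\Public", "$env:SystemDrive\ProgramData") | Where-Object { $_ }
    Get-CimInstance Win32_Service | ForEach-Object {
        if (-not $_.PathName) { return }
        # Extract the executable from a quoted path or from a path followed by arguments.
        $exe = if ($_.PathName -match '^"([^"]+)"') { $Matches[1] } else { ($_.PathName -split ' ')[0] }
        foreach ($r in $suspectRoots) {
            if ($exe.StartsWith($r, [System.StringComparison]::OrdinalIgnoreCase)) {
                [pscustomobject]@{ Name = $_.Name; DisplayName = $_.DisplayName; StartMode = $_.StartMode; Image = $exe }
                break
            }
        }
    }
}

Test-KonniHardening        | Format-Table -AutoSize
Get-RecentServiceInstall   | Format-Table -AutoSize
Find-SuspiciousService     | Format-Table -AutoSize
```

The `HKCU` macro keys apply per user; in a managed estate set the same values through Group Policy (Administrative Templates for Office) so they are enforced for every profile, and compare the output of `Get-RecentServiceInstall` against your change records, since a service installed outside a maintenance window with a name that shadows a built-in Windows service is exactly the behaviour the monitoring recommendation targets.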
Reports & References (1)
Observed Countries (9)
CN (897)
IN (721)
JP (751)
KR (613)
KW (526)
NP (650)
RO (356)
RU (388)
VN (87)