IOC Radar
TLP:WHITE · 26 IOCs

To Russia With Love: Assessing a KONNI-Backdoored Suspected Russian Consular Software Installer

DCSO CyTec Blog
Published February 21, 2024 · Original Report

Threat Actors

Diamond Model

Adversary (3): APT37, Kimsuky, TA406
Infrastructure (6): p593d8g9.mygamesonline.org, 88zr7cua.atwebpages.com, mhhnv7s9.myartsonline.com (three of six shown in the widget)
Capability: unknown
Victim: unknown

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise (26)

Type | Indicator | Tags | Confidence | Score | First Seen
Domain | p593d8g9.mygamesonline.org | indicator, intel-blog, network | High | 58 | Jun 2, 26
Domain | 88zr7cua.atwebpages.com | exploit, intel-blog, network | High | 58 | Jun 2, 26
Domain | mhhnv7s9.myartsonline.com | indicator, intel-blog, network | High | 58 | Jun 2, 26
Domain | t8nptw2h.mywebcommunity.org | indicator, intel-blog, network | High | 58 | Jun 2, 26
MD5 | 7f9fad83f4e56c684c11b9fffbd047e8 | file-hash, indicator, intel-blog | Medium | 53 | Jun 2, 26
Domain | zomfaa9a.onlinewebshop.net | indicator, intel-blog, network | High | 58 | Jun 2, 26
SHA256 | 58bcd90f6f04c005c892267a3dfe91d1154d064482b07715ad5802f57c1ea32d | file-hash, indicator, intel-blog | Medium | 53 | Jun 2, 26
Domain | jbkza9h7.atwebpages.com | exploit, intel-blog, network | High | 58 | Jun 2, 26
Domain | tl2j38w9.mypressonline.com | indicator, intel-blog, network | High | 58 | Jun 2, 26
Domain | victory-2020.atwebpages.com | indicator, intel-blog, network | High | 58 | Jun 2, 26
Domain | cor8xcib.getenjoyment.net | exploit, intel-blog, network | High | 58 | Jun 2, 26
Domain | mbfasq54.mypressonline.com | indicator, intel-blog, network | High | 58 | Jun 2, 26
SHA256 | 9339eaf1d77bb0324e393a08a6180fe0658761fc0cd20ba25081963286dfb9c7 | file-hash, indicator, intel-blog | Medium | 53 | Jun 2, 26
Domain | p8tebfel.getenjoyment.net | exploit, intel-blog, network | High | 58 | Jun 2, 26
Domain | victory-2024.mywebcommunity.org | indicator, intel-blog, network | High | 58 | Jun 2, 26
Domain | 99695njd.myartsonline.com | indicator, intel-blog, network | High | 58 | Jun 2, 26
Domain | 3cym4ims.medianewsonline.com | indicator, intel-blog, network | High | 58 | Jun 2, 26
Domain | w9uzs9la.mywebcommunity.org | indicator, intel-blog, network | High | 58 | Jun 2, 26
Domain | j1p75639.medianewsonline.com | indicator, intel-blog, network | High | 58 | Jun 2, 26
Domain | 24ev0apa.scienceontheweb.net | indicator, intel-blog, network | High | 58 | Jun 2, 26
SHA256 | b60dc12833110098f5eec9a51749d227db7a12d4e91a100a4fd8815695f1093f | file-hash, indicator, intel-blog | Medium | 53 | Jun 2, 26
Domain | 5s6bqbea.sportsontheweb.net | indicator, intel-blog, network | High | 58 | Jun 2, 26
Domain | g66nzt8q.mygamesonline.org | indicator, intel-blog, network | High | 58 | Jun 2, 26
Domain | zcvbm1zv.onlinewebshop.net | indicator, intel-blog, network | High | 58 | Jun 2, 26
Domain | c6cdg4su.sportsontheweb.net | indicator, intel-blog, network | High | 58 | Jun 2, 26
Domain | 694qf6w8.scienceontheweb.net | indicator, intel-blog, network | High | 58 | Jun 2, 26

IOC Relationship Graph (26 total IOCs)

Nodes: Domain 22, SHA256 3, MD5 1; Actors 3 (APT37, Kimsuky, TA406); all linked to the report "To Russia With Love: Assessing a KONNI-Backdoored Suspected Russian Consular Software Installer".