ioc[.]one - OSINT Cyber Threat Intelligence Database

KONNI: A Malware Under The Radar For Years

Tags

country:	North Korea Russia
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Software - T1592.002 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	181d06db-ee57-487d-888f-e5e1b5b3fd69
Fingerprint	adbc2d2fc5a4d74b
Analysis status	DONE
Considered CTI value	2
Text language
Published	May 3, 2017, 12:59 p.m.
Added to db	Sept. 26, 2022, 9:30 a.m.
Last updated	Nov. 17, 2024, 12:58 p.m.
Headline	Vulnerability Information
Title	KONNI: A Malware Under The Radar For Years
Detected Hints/Tags/Attributes	57/3/40

Source URLs

	Redirection	Url
Details	Source	http://blog.talosintelligence.com/2017/05/konni-malware-under-radar-for-years.html
Details	Source	https://blog.talosintelligence.com/2017/05/konni-malware-under-radar-for-years.html

URL Provider

Details	Provider	Source level domain
Details	talosintelligence.com	blog.talosintelligence.com

Attributes

Details	Type	#Events	Value
Details	Domain	1	phpschboy.prohosts.org
Details	Domain	1	jams481.site.bz
Details	Domain	1	dowhelsitjs.netau.net
Details	Domain	1	pactchfilepacks.net23.net
Details	Domain	1	checkmail.phpnet.us
Details	File	207	login.php
Details	File	1	screentmp.tmp
Details	File	1	conhote.dll
Details	File	3	winnit.exe
Details	File	97	upload.php
Details	File	98	download.php
Details	File	1	wpg.db
Details	File	2	uploadtm.php
Details	File	1	error.tmp
Details	File	1	c:\windows\beauty.jpg
Details	File	13	c:\windows\svchost.exe
Details	File	18	winload.exe
Details	File	1	winload.dll
Details	sha256	1	413772d81e4532fec5119e9dce5e2bf90b7538be33066cf9a6ff796254a5225f
Details	sha256	1	eb90e40fc4d91dec68e8509056c52e9c8ed4e392c4ac979518f8d87c31e2b435
Details	sha256	1	44150350727e2a42f66d50015e98de462d362af8a9ae33d1f5124f1703179ab9
Details	sha256	1	94113c9968db13e3412c1b9c1c882592481c559c0613dbccfed2fcfc80e77dc5
Details	sha256	1	56f159cde3a55ae6e9270d95791ef2f6859aa119ad516c9471010302e1fb5634
Details	sha256	1	553a475f72819b295927e469c7bf9aef774783f3ae8c34c794f35702023317cc
Details	sha256	1	92600679bb183c1897e7e1e6446082111491a42aa65a3a48bd0fceae0db7244f
Details	sha256	1	69a9d7aa0cb964c091ca128735b6e60fa7ce028a2ba41d99023dd57c06600fe0
Details	sha256	1	3de491de3f39c599954bdbf08bba3bab9e4a1d2c64141b03a866c08ef867c9d1
Details	sha256	1	39bc918f0080603ac80fe1ec2edfd3099a88dc04322106735bc08188838b2635
Details	sha256	1	dd730cc8fcbb979eb366915397b8535ce3b6cfdb01be2235797d9783661fc84d
Details	sha256	1	640477943ad77fb2a74752f4650707ea616c3c022359d7b2e264a63495abe45e
Details	sha256	1	4585584fe7e14838858b24c18a792b105d18f87d2711c060f09e62d89fc3085b
Details	sha256	1	f091d210fd214c6f19f45d880cde77781b03c5dc86aa2d62417939e7dce047ff
Details	sha256	1	0f327d67b601a87e575e726dc67a10c341720267de58f3bd2df3ce705055e757
Details	sha256	1	234f9d50aadb605d920458cc30a16b90c0ae1443bc7ef3bf452566ce111cece8
Details	sha256	1	581e820637decf37bfd315c6eb71176976a0f2d59708f2836ff969873b86c7db
Details	sha256	1	97b1039612eb684eaec5d21f0ac0a2b06b933cc3c078deabea2706cb69045355
Details	sha256	1	dae9d8f9f7f745385286775f6e99d3dcc55bbbe47268a3ea20deffe5c8fd0f0e
Details	sha256	1	e6a9d9791f763123f9fe1f69e69069340e02248b9b16a88334b6a5a611944ef9
Details	sha256	1	ead47df090a4de54220a8be27ec6737304c1c3fe9d0946451b2a60b8f11212d1
Details	Windows Registry Key	49	HKLM\Software\Microsoft\Windows