ioc[.]one - OSINT Cyber Threat Intelligence Database

New KONNI Campaign References North Korean Missile Capabilities

Tags

country:	North Korea South Korea
maec-delivery-vectors:	Watering Hole
attack-pattern:	Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Software - T1592.002 Rundll32 - T1085

Show in Graph

Common Information

Type	Value
UUID	e0bbd7d9-ea12-4cb6-8971-1ebf36359a50
Fingerprint	a12c1d35c5f7e7cb
Analysis status	DONE
Considered CTI value	2
Text language
Published	July 6, 2017, 3:58 a.m.
Added to db	Sept. 26, 2022, 9:30 a.m.
Last updated	Nov. 18, 2024, 11:13 p.m.
Headline	Vulnerability Information
Title	New KONNI Campaign References North Korean Missile Capabilities
Detected Hints/Tags/Attributes	32/3/13

Source URLs

	Redirection	Url
Details	Source	http://blog.talosintelligence.com/2017/07/konni-references-north-korean-missile-capabilities.html
Details	Source	https://blog.talosintelligence.com/2017/07/konni-references-north-korean-missile-capabilities.html

URL Provider

Details	Provider	Source level domain
Details	talosintelligence.com	blog.talosintelligence.com

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	3		member-daumchk.netai.net
Details	File	1		c:\users\users\appdata\local\mfadata\event\eventlog.dll
Details	File	1		c:\users\users\appdata\local\mfadata\event\errorevent.dll
Details	File	2		errorevent.dll
Details	File	1021		rundll32.exe
Details	File	99		download.php
Details	File	2		uploadtm.php
Details	File	97		upload.php
Details	sha256	1		33f828ad462c414b149f14f16615ce25bd078630eee36ad953950e0da2e2cc90
Details	sha256	2		290b1e2415f88fc3dd1d53db3ba90c4a760cf645526c8240af650751b1652b8a
Details	sha256	2		8aef427aba54581f9c3dc923d8464a92b2d4e83cdf0fd6ace00e8035ee2936ad
Details	Windows Registry Key	1		HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RTHDVCPE
Details	Windows Registry Key	1		HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RTHDVCPThis