S0353Windows

S0353NOKKI

Platforms
1
ATT&CK
14.1
References
3

Description

[NOKKI](https://attack.mitre.org/software/S0353) is a modular remote access tool. The earliest observed attack using [NOKKI](https://attack.mitre.org/software/S0353) was in January 2018. [NOKKI](https://attack.mitre.org/software/S0353) has significant code overlap with the [KONNI](https://attack.mitre.org/software/S0356) malware family. There is some evidence potentially linking [NOKKI](https://attack.mitre.org/software/S0353) to [APT37](https://attack.mitre.org/groups/G0067).(Citation: Unit 42 NOKKI Sept 2018)(Citation: Unit 42 Nokki Oct 2018)

Platforms· 1

Windows

Attributed to1

TypeTargetConfidenceTier
GroupAPT37g0067100%live

References

  1. https://attack.mitre.org/software/S0353
  2. https://researchcenter.paloaltonetworks.com/2018/09/unit42-new-konni-malware-attacking-eurasia-southeast-asia/
  3. https://researchcenter.paloaltonetworks.com/2018/10/unit42-nokki-almost-ties-the-knot-with-dogcall-reaper-group-uses-new-malware-to-deploy-rat/

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software
KONNI
Software
NanoCore
Software
Okrum
Software
njRAT
Software
ROKRAT
Software
NetTraveler
Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.