S0356Windows
S0356KONNI
Platforms
1
ATT&CK
14.1
References
6
Description
[KONNI](https://attack.mitre.org/software/S0356) is a remote access tool that security researchers assess has been used by North Korean cyber actors since at least 2014. [KONNI](https://attack.mitre.org/software/S0356) has significant code overlap with the [NOKKI](https://attack.mitre.org/software/S0353) malware family, and has been linked to several suspected North Korean campaigns targeting political organizations in Russia, East Asia, Europe and the Middle East; there is some evidence potentially linking [KONNI](https://attack.mitre.org/software/S0356) to [APT37](https://attack.mitre.org/groups/G0067).(Citation: Talos Konni May 2017)(Citation: Unit 42 NOKKI Sept 2018)(Citation: Unit 42 Nokki Oct 2018)(Citation: Medium KONNI Jan 2020)(Citation: Malwarebytes Konni Aug 2021)
Platforms· 1
Windows
Attributed to1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Group | APT37g0067 | 100% | live |
References
- https://attack.mitre.org/software/S0356
- https://researchcenter.paloaltonetworks.com/2018/10/unit42-nokki-almost-ties-the-knot-with-dogcall-reaper-group-uses-new-malware-to-deploy-rat/
- https://researchcenter.paloaltonetworks.com/2018/09/unit42-new-konni-malware-attacking-eurasia-southeast-asia/
- https://medium.com/d-hunter/a-look-into-konni-2019-campaign-b45a0f321e9b
- https://blog.talosintelligence.com/2017/05/konni-malware-under-radar-for-years.html
- https://blog.malwarebytes.com/threat-intelligence/2021/08/new-variant-of-konni-malware-used-in-campaign-targetting-russia/
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.