Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
mastodon.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
The original server operated by the Mastodon gGmbH non-profit

Administered by:

Server stats:

330K
active users

mastodon.social: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.4.0-nightly.2025-04-28

#konni

2 posts2 participants0 posts today
Public
lazarusholic

"제안서로 위장을 하고 있는 북한 코니(Konni) 에서 만든 악성코드-제안서(2025.4.11)" published by Sakai. #Konni, #LNK, #DPRK, #CTI wezard4u.tistory.com/429464

꿈을꾸는 파랑새 · 제안서로 위장을 하고 있는 북한 코니(Konni) 에서 만든 악성코드-제안서(2025.4.11)오늘은 언제나 제안서로 위장하는 북한 코니(Konni) 에서 만든 악성코드에 대해 알아보겠습니다. 먼저 해쉬값은 다음과 같습니다.파일명:제안서.pdf.lnk사이즈:5 MBMD5:777b6a02f7a44582c40ddadb82e60ddbSHA-1:6af737ebc782825ebeb7dba389770a843811aff4SHA-256:401f5a93a9496262fc83ea4cf557e4e9c15e4d2befacf475beba897986752d88입니다. 일단 해시만 보고 개인적인 생각은 무엇인가 포함되어 있다는 것을 확인할 수가 있습니다.일다 먼저 악성코드를 먼저 보아야 할 것입니다.악성코드 내부StringData{ namestring: pdf File relativepath: not present work..
Public
lazarusholic

"북한 해킹 그룹 Konni(코니)에서 만든 악성코드-ECRM.M.hwp.lnk(<-가칭,2025.3.24)" published by Sakai. #Konni, #LNK, #DPRK, #CTI wezard4u.tistory.com/429451

꿈을꾸는 파랑새 · 북한 해킹 그룹 Konni(코니)에서 만든 악성코드-ECRM.M.hwp.lnk(<-가칭,2025.3.24)오늘은 북한 해킹 그룹 Konni(코니)에서 만든 악성코드에서 만든 악성코드 ECRM.M.M.hwp.lnk(파일명:ECRM.M.M.hwp.lnk사이즈:1 MBMD5:6da06e1e7b9e8e5eb9f199b0fbcf811aSHA-1:6ae124c02d58737ba8b74e1f2da6b45ea369f1dfSHA-256:6fb3dfe451b37b0304a42e62759bf3670d5b4dd0232621dac0739061fa4704e2악성코드 에 포함된 코드StringData{ namestring: not present relativepath: ..\..\..\Windows\System32\mshta(.)exe workingdir: not present commandlineargument..
Public
OTX Bot

Konni RAT Exploit Windows Explorer

The full list of names and names of people who have been identified as "neural" or "physic" has been released by the Library of the House of Commons. and its website.

Pulse ID: 67edbb3b5cf7ecd21bd65a0b
Pulse Link: otx.alienvault.com/pulse/67edb
Pulse Author: cryptocti
Created: 2025-04-02 22:33:31

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.
#CyberSecurity#InfoSec#Konni
Public
OTX Bot

Analysis of Konni RAT: Stealth, Persistence, and Anti-Analysis Techniques

Konni RAT, a sophisticated remote access Trojan targeting Windows systems, employs a multi-stage attack process using batch files, PowerShell scripts, and VBScript. It exploits Windows Explorer limitations, obfuscates file paths, dynamically generates URLs, and uses temporary files to erase activity traces. The malware efficiently exfiltrates critical data to remote servers and maintains persistence through registry modifications. Key tactics include exploiting file extension hiding, the 260-character limit in LNK files, and complex variables for detection evasion. Konni RAT's modular design and advanced strategies present substantial risks to system security, highlighting the need for robust cybersecurity measures and proactive defense strategies.

Pulse ID: 67ebfca2fae9b2cbac99f5ae
Pulse Link: otx.alienvault.com/pulse/67ebf
Pulse Author: AlienVault
Created: 2025-04-01 14:48:02

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.
#CyberSecurity#ICS#InfoSec
Public
lazarusholic

"북한 해킹 그룹 Konni(코니)에서 만든 사이버범죄 신고시스템 사칭 악성코드-ECRM.hwp.lnk(2025.3.11)" published by Sakai. #Konni, #LNK, #DPRK, #CTI wezard4u.tistory.com/429430

꿈을꾸는 파랑새 · 북한 해킹 그룹 Konni(코니)에서 만든 사이버범죄 신고시스템 사칭 악성코드-ECRM.hwp.lnk(2025.3.11)오늘은 북한 해킹 그룹 Konni(코니)에서 만든 악성코드 ECRM.M.hwp.lnk(2025.3.11) 에 대해 알아보겠습니다. 일단 ECRM.M.hwp.lnk 는 아마도 경찰청에서 운영을 하고 있는 사이버범죄 신고시스템(사이버 수사대) (ECRM)인 것처럼 위장하는 것 같습니다. 아마도 이쪽을 공격했거나 아니며 사이버범죄 신고시스템(사이버 수사대) (ECRM) 에서 뿌린 hwp인 것처럼 한 것인 것 같습니다.파일명:ECRM.M.hwp.lnk사이즈:1 MBMD5:5bd8cad0e4f14e252056830d16abfbe5SHA-1:61bae4c2061e3672eb1d416a2e894f8bd2165502SHA-256:811d221a1340e64aa1736d9d4e8f80820a5a02fab3d0c9e454..
Public
lazarusholic

"북한 해킹 단체 코니(Konni) 에서 만든 악성코드-2024년 귀속 연말정산 안내문_세한.docx(2025.2.28)" published by Sakai. #Konni, #LNK, #DPRK, #CTI wezard4u.tistory.com/429425

꿈을꾸는 파랑새 · 북한 해킹 단체 코니(Konni) 에서 만든 악성코드-2024년 귀속 연말정산 안내문_세한.docx(2025.2.28)오늘은 북한 해킹 단체 코니(Konni) 에서 만든 악성코드인 2024년 귀속 연말정산 안내문_세한.docx(2025.2.28)에 대해 글을 적어보겠습니다.파일명:2024년 귀속 연말정산 안내문_세한.docx.lnk사이즈:2 MBMD5:a2785ec65622217be80174b887b1eb06SHA-1:5820e221437e87d6663adaddedb05bb5566be3daSHA-256:b81513f0f8d3db382bb8f931bf2b7a0d4f26f74cfcf60b5d889de87ef2f1d543이며 악성코드에 포함된 파워셀 코드는 다음과 같습니다.StringData{ namestring: docx File relativepath: not present workingdir: not p..
Public
lazarusholic

"북한 코니(Konni) 가상자산사업자 자금세탁방지 감독 방향 위장을 하는 악성코드-test.lnk(2025.2.28)" published by Sakai. #Konni, #LNK, #DPRK, #CTI wezard4u.tistory.com/429423

꿈을꾸는 파랑새 · 북한 코니(Konni) 가상자산사업자 자금세탁방지 감독 방향 위장을 하는 악성코드-test.lnk(2025.2.28)오늘은 북한 해킹 단체 코니(Konni) 에서 만든 악성코드에서 만든 악성코드인 test.lnk 에 대해 알아보겠습니다. 해당 악성코드 제목을 보면 이제는 성의조차 안 보인다는 것을 알게 될 것입니다.일단 악성코드를 실행하면 가상자산사업자 자금세탁방지 감독 방향이라는 제목으로 hwp 로 위장을 하고 있습니다.파일명:test.lnk사이즈:2 MBMD5:6467861415139a1ee35f2b036e57c494SHA-1:86c4315e90a5950e7ae87e3eca991274dd420459SHA-256:2dcb83b80eef4018e85d56c2e19fd176b2a77042239d730aac055fc74a6aaba9일단 기존의 고전적인 방식인 LNK 파일인 것처럼 위장돼 있지만 실제로는 해당 악성코드에서 ..
ExploreLive feeds
About