KONNI
Published 21/12/2025 01:41 · Modified 22/01/2026 21:32 · Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 01:41
- Modified: 22/01/2026 21:32
- Updated at: 22/01/2026 21:32
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 3 reports, 48 attack patterns (MITRE), 6 malware, 3 sectors, 4 countries, 85 indicators
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (3)
- 34 Observables, 1 APT · Published 22/01/2026 18:22 · Modified 22/01/2026 20:32
- 18 MITREs, 2 Malwares, 1 Observable, 1 APT · Published 18/01/2026 18:38 · Modified 19/01/2026 09:30
- 15 MITREs, 5 Malwares, 10 Observables, 1 APT · Published 10/11/2025 11:14 · Modified 10/11/2025 11:48
Attack patterns (MITRE) (48)
- T1574 Hijack Execution Flow (uses)
- T1547 Boot or Logon Autostart Execution (uses)
- T1140 Deobfuscate/Decode Files or Information (uses)
- T1012 Query Registry (uses)
- T1573.001 Symmetric Cryptography (uses)
- T1036.004 Masquerade Task or Service (uses)
- T1071.001 Web Protocols (uses)
- T1566 Phishing (uses)
- T1584 Compromise Infrastructure (uses)
- T1497 Virtualization/Sandbox Evasion (uses)
- T1218.011 Rundll32 (uses)
- T1218 System Binary Proxy Execution (uses)
- T1083 File and Directory Discovery (uses)
- T1053.005 Scheduled Task (uses)
- T1112 Modify Registry (uses)
- T1132.001 Standard Encoding (uses)
- T1588.001 Malware (uses)
- T1583 Acquire Infrastructure (uses)
- T1573 Encrypted Channel (uses)
- T1102 Web Service (uses)
- T1057 Process Discovery (uses)
- T1105 Ingress Tool Transfer (uses)
- T1548 Abuse Elevation Control Mechanism (uses)
- T1059.001 PowerShell (uses)
- T1588.002 Tool (uses)
- T1078 Valid Accounts (uses)
- T1571 Non-Standard Port (uses)
- T1543 Create or Modify System Process (uses)
- T1033 System Owner/User Discovery (uses)
- T1059 Command and Scripting Interpreter (uses)
- T1497.001 System Checks (uses)
- T1059.005 Visual Basic (uses)
- T1036 Masquerading (uses)
- T1027 Obfuscated Files or Information (uses)
- T1569 System Services (uses)
- T1055 Process Injection (uses)
- T1070.004 File Deletion (uses)
- T1016 System Network Configuration Discovery (uses)
- T1204.002 Malicious File (uses)
- T1204 User Execution (uses)
- T1560 Archive Collected Data (uses)
- T1082 System Information Discovery (uses)
- T1134 Access Token Manipulation (uses)
- T1137 Office Application Startup (uses)
- T1547.001 Registry Run Keys / Startup Folder (uses)
- T1049 System Network Connections Discovery (uses)
- T1497.003 Time Based Checks (uses)
- T1059.003 Windows Command Shell (uses)
Malware (6)
- EndRAT (uses) · Family · Published 18/03/2026 10:49 · Modified 18/03/2026 10:49
- RftRAT (uses) · Family · Published 18/03/2026 10:49 · Modified 18/03/2026 10:49
- LilithRAT (uses) · Family · Published 10/11/2025 11:14 · Modified 10/11/2025 11:14
- RemcosRAT (uses) · Family · Published 22/04/2026 07:06 · Modified 22/04/2026 07:06
- QuasarRAT (uses) · Family · Published 25/02/2026 11:35 · Modified 25/02/2026 11:35
- AutoItRAT (uses) · Family · Published 18/01/2026 18:38 · Modified 18/01/2026 18:38
Sectors (3)
- Government (targets)
- Technology (targets)
- Finance (targets)
Countries (4)
- British Indian Ocean Territory (targets)
- Japan (targets)
- Australia (targets)
- India (targets)
Indicators (85)