Konni Campaign Distributed Via Malicious Document [Tuesday, November 21, 2023]


Description :
A Russian-language Word document carrying a malicious macro is used to deliver malware that infects victims' systems, FortiGuard Labs has revealed in its latest security research blog (PSIRT).

Published :
2023-11-21T08:47:37.972Z

Created :
2023-11-21T08:47:37.972Z

Modified :
2023-11-21T09:11:36.468Z

Tags

  • macro
  • malicious document
  • konni

Indicators

Domains :
Hashes :
Attack Patterns :
  • T1137
  • T1548
  • T1569
  • T1547
  • T1560
  • T1543
  • T1027
  • T1574
  • T1134
  • T1059
  • T1140
  • T1082
About the author
Julien B.

Securitricks
