216.73.217.47

KONNI

The MITRE Corporation · Published 31/01/2019 01:36 · Modified 27/03/2026 01:05 Family

Essential information

Confidence
100/100
Is family
Yes
Published
31/01/2019 01:36
Modified
27/03/2026 01:05
Revoked
No
Author / Source
The MITRE Corporation
Related entities
63 attack patterns (mitre), 2 countries, 14 indicators

Description

[KONNI](https://attack.mitre.org/software/S0356) is a remote access tool that security researchers assess has been used by North Korean cyber actors since at least 2014. [KONNI](https://attack.mitre.org/software/S0356) has significant code overlap with the [NOKKI](https://attack.mitre.org/software/S0353) malware family, and has been linked to several suspected North Korean campaigns targeting political organizations in Russia, East Asia, Europe and the Middle East; there is some evidence potentially linking [KONNI](https://attack.mitre.org/software/S0356) to [APT37](https://attack.mitre.org/groups/G0067).(Citation: Talos Konni May 2017)(Citation: Unit 42 NOKKI Sept 2018)(Citation: Unit 42 Nokki Oct 2018)(Citation: Medium KONNI Jan 2020)(Citation: Malwarebytes Konni Aug 2021)

Marking (TLP)

TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references