{
  "name": "KONNI Adopts AI to Generate PowerShell Backdoors",
  "slug": "konni-adopts-ai-to-generate-powershell-backdoors",
  "description": "A North Korea-linked threat actor known as KONNI has been observed conducting a phishing campaign targeting software developers and engineering teams, particularly those with blockchain expertise. The campaign uses AI-generated PowerShell backdoors and targets a broader range of countries in the APAC region. The infection chain begins with a Discord-hosted link that downloads a ZIP archive containing a PDF lure and a malicious LNK file. The LNK file deploys additional components, including the AI-generated PowerShell backdoor. The backdoor employs various anti-analysis techniques and establishes persistence through scheduled tasks. This campaign demonstrates KONNI's evolution in tactics and tooling, including the adoption of AI-assisted malware development.",
  "published": "2026-01-22T17:22:30+00:00",
  "created_at": "2026-01-22T17:22:30+00:00",
  "modified_at": "2026-01-22T19:32:35+00:00",
  "created_at_opencti": "2026-01-22T17:22:30+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2026-01-22",
    "ai-generated",
    "apac",
    "backdoor",
    "blockchain",
    "north korea",
    "phishing",
    "powershell",
    "powershell backdoor",
    "simplehelp",
    "software developers"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "192.144.34.77"
      },
      {
        "id": "",
        "name": "223.16.184.105"
      },
      {
        "id": "",
        "name": "192.144.34.40"
      },
      {
        "id": "",
        "name": "851695cb3807a693aae25c8b9ade20a90eaea6802bc619c1d19d121a92aef7a0"
      },
      {
        "id": "",
        "name": "e57fa2d1d3e2bff9603ce052e51a8d6ee5c6d207633765b401399b136249ca35"
      },
      {
        "id": "",
        "name": "b411fbe03d429556ced09412dd26dc972ee55cff907bfdb5594fe9e3f1c9f0b2"
      },
      {
        "id": "",
        "name": "26356e12aae0a2ab1fd0ec15d49208603d3dd1041d50a0b153ab577319797715"
      },
      {
        "id": "",
        "name": "26a01ffa237241e31a59f1ff4d62a063f55c97598732d55855cce18b8b27b2d6"
      },
      {
        "id": "",
        "name": "c94e58f134c26c3dc25f69e4da81d75cbf4b4235bcfb40b17754da5fe07aad0a"
      },
      {
        "id": "",
        "name": "20e61936144822399149e651da665eb67b16e90ec824dac3d9eec8a4da42fdd2"
      },
      {
        "id": "",
        "name": "c040756802a217abf077b2f14effb1ed68e36165fde660fef8ff0cfa2856f25d"
      },
      {
        "id": "",
        "name": "f8e86693916be2178b948418228d116a8f73c7856e11c1f4470b8c413268c6c8"
      },
      {
        "id": "",
        "name": "de75afa15029283154cf379bc9bb7459cbcd548ff9d11efe24eb2fde7552af07"
      },
      {
        "id": "",
        "name": "856ac810f4a00a7e3fa89aec4c94cc166ae6ccf06c3557e9694f8639223ce25d"
      },
      {
        "id": "",
        "name": "64e6a852fc2e4d3e357222692eefbf445c2bd9ba654b83e64fe9913f2bb115cc"
      },
      {
        "id": "",
        "name": "1ebc4542905c8d4fd8ac6f6d9fadeef51698e5916f6ce1bcc61dcfdea02758ec"
      },
      {
        "id": "",
        "name": "c3c8d6ea686ad87ca2c6fcb5d76da582078779ed77c7544b4095ecd7616ba39d"
      },
      {
        "id": "",
        "name": "48585baa9f1c2b721bb8c4fbd88eff65f8fa580a662aadcd143bc4fda6590156"
      },
      {
        "id": "",
        "name": "8647209127d998774179aa889d2fcc664153d73557e2cca5f29c261c48dd8772"
      },
      {
        "id": "",
        "name": "c2ec24dea46273085daa82e83c1c38f3921c718a61f617a66e8b715d1dcc0f57"
      },
      {
        "id": "",
        "name": "738637fcb82920f418111c0cd83d74d9a0807972a73abfbdc71b7446e5bd6a9d"
      },
      {
        "id": "",
        "name": "b958d4d6ce65d1c081800fc14e558c34daff3b28cdd45323d05b8d40c4146c3c"
      },
      {
        "id": "",
        "name": "a1d4272ec0ce88f9c697b3e6c70624ec5f1ad9a83c9e64120b5ee21688365af9"
      },
      {
        "id": "",
        "name": "39fdff2ea1a5e2b6151eccc89ca6d2df33b64e09145768442cec93a578f1760c"
      },
      {
        "id": "",
        "name": "fcc9b2ac73a0ca01fb999e6aa1a8bdbd89e632939443bcc9186ae1294089123e"
      },
      {
        "id": "",
        "name": "3b67217507e0c44bd7a4cfafed0e8958d21594c98eec43a999614815a7060410"
      },
      {
        "id": "",
        "name": "f619d63aa8d09bafb13c812bf60f2b9189a8dc696c7cef2f246c6b223222e94c"
      },
      {
        "id": "",
        "name": "159f81fc57399186503190562f28b2dd430d8cc07303e15e2ec60aee6bca798c"
      },
      {
        "id": "",
        "name": "c79ef37866b2dff0afb9ca07b4a7c381ba0b201341f969269971398b69ade5d5"
      },
      {
        "id": "",
        "name": "fb9f16a8900bae93dd93b5d059a0d2997c1db7198acf731f3acf1696a19eeead"
      },
      {
        "id": "",
        "name": "ec8c191ad171cf40461dc870b02f5c4e9904f9fec1191174d524b1fb3cbde47f"
      },
      {
        "id": "",
        "name": "af8ca986a52e312fb85f97b235e4b406d665d7ac09cbdb5e25662d4c508ebad4"
      },
      {
        "id": "",
        "name": "b15f95d0f269bc1edce0e07635681d7dd478c0daa82c6bfd50c551435eba10ff"
      },
      {
        "id": "",
        "name": "eec55e9a7f27f2ecaba71735fbd636679783ff60d9019eabf8216beebd47300b"
      }
    ],
    "intrusion_sets": [
      {
        "id": "bde20141-725e-4c2f-a0cf-4eb778711ae4",
        "name": "KONNI",
        "slug": "konni"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "India"
      },
      {
        "id": "",
        "name": "British Indian Ocean Territory"
      },
      {
        "id": "",
        "name": "Japan"
      },
      {
        "id": "",
        "name": "Australia"
      },
      {
        "id": "",
        "name": "Technologies"
      }
    ]
  },
  "external_refs": [
    "https://research.checkpoint.com/2026/konni-targets-developers-with-ai-malware",
    "https://otx.alienvault.com/pulse/69726ae65cfcf0a192c03c35"
  ]
}