#1267555: Konni Campaign Targeting Mobiles - Additional IOCs

Description: Continuing attacks linked to the DPRK

Reference:
https://twitter.com/timele9527/status/1149501545886519296
First Aid: IOCs:

More info: https://otx.alienvault.com/pulse/5d2ca6c5e6be8b07f9099c55?utm_medium=InProduct&utm_source=OTX&utm_content=Email&utm_campaign=new_pulse_from_subscribed

Date added July 15, 2019, 6:56 p.m.
Source AlienVault
Subjects
  • All New Malware or Attack Alerts - New Reports / IOCs in
  • APTs - Advanced Persistent Threats - New Reports in
  • APTs - North Korea - New Reports in
  • Mobile Malware and Threats - Various
  • Mobile Malware - New Reports in
  • North Korea - Nokki / Konni Malware (possibly tied to REAPER APT Group)
Country North Korea