Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 18:01:57 UTC
Home > List all groups > List all tools > List all groups using tool Konni
 Tool: Konni
Names Konni
Category Malware
Type Backdoor, Info stealer
Description
Konni is a remote administration tool, observed in the wild since early 2014. The Konni
malware family is potentially linked to APT37, a North-Korean cyber espionage group
active since 2012. The group primary victims are South-Korean political organizations,
as well as Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and other
parts of the Middle East.
Information
MITRE ATT&CK Malpedia AlienVault OTX Last change to this tool card: 07 March 2024
Download this tool card in JSON format
All groups using tool Konni
Changed Name Country Observed
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=d238a221-2a1d-4558-9dbf-7a3a6bbb0d22
Page 1 of 2

APT groups
  Reaper, APT 37, Ricochet Chollima, ScarCruft 2012-Mar 2025
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=d238a221-2a1d-4558-9dbf-7a3a6bbb0d22
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=d238a221-2a1d-4558-9dbf-7a3a6bbb0d22
Page 2 of 2