NOKKI (31aa0433-fb6b-4290-8af5-a0d0c6c18548)
NOKKI is a modular remote access tool. The earliest observed attack using NOKKI was in January 2018. NOKKI has significant code overlap with the KONNI malware family. There is some evidence potentially linking NOKKI to APT37.[Unit 42 NOKKI Sept 2018][Unit 42 Nokki Oct 2018]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Kimsuky (37f317d8-02f0-43d4-8a7d-7a65ce8aadf1) | Tidal Groups | NOKKI (31aa0433-fb6b-4290-8af5-a0d0c6c18548) | Tidal Software | 1 |