1. Home
  2. Software
  3. DDKONG

DDKONG

DDKONG is a malware sample that was part of a campaign by Rancor. DDKONG was first seen used in February 2017. [1]

ID: S0255
Type: MALWARE
Version: 1.0
Created: 17 October 2018
Last Modified: 04 September 2024
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1140 反混淆/解码文件或信息

DDKONG decodes an embedded configuration using XOR.[1]
Enterprise T1083 文件和目录发现

DDKONG lists files on the victim’s machine.[1]
Enterprise T1218 .011 系统二进制代理执行: Rundll32

DDKONG uses Rundll32 to ensure only a single instance of itself is running at once.[1]
Enterprise T1105 输入工具传输

DDKONG downloads and uploads files on the victim’s machine.[1]

Groups That Use This Software

ID Name References
G0075 Rancor

[1]

References

  1. Ash, B., et al. (2018, June 26). RANCOR: Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families. Retrieved July 2, 2018.