Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1140 | Deobfuscate/Decode Files or Information | ||
Enterprise | T1083 | File and Directory Discovery | ||
Enterprise | T1105 | Ingress Tool Transfer |
DDKONG downloads and uploads files on the victim’s machine.[1] |
|
Enterprise | T1218 | .011 | Signed Binary Proxy Execution: Rundll32 |
DDKONG uses Rundll32 to ensure only a single instance of itself is running at once.[1] |
ID | Name | References |
---|---|---|
G0075 | Rancor |