1. Home
  2. Software
  3. DDKONG

DDKONG

DDKONG is a malware sample that was part of a campaign by Rancor. DDKONG was first seen used in February 2017. [1]

ID: S0255
Type: MALWARE
Platforms: Windows
Version: 1.0
Created: 17 October 2018
Last Modified: 17 October 2018
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1140 Deobfuscate/Decode Files or Information

DDKONG decodes an embedded configuration using XOR.[1]
Enterprise T1083 File and Directory Discovery

DDKONG lists files on the victim’s machine.[1]
Enterprise T1105 Ingress Tool Transfer

DDKONG downloads and uploads files on the victim’s machine.[1]
Enterprise T1218 .011 Signed Binary Proxy Execution: Rundll32

DDKONG uses Rundll32 to ensure only a single instance of itself is running at once.[1]

Groups That Use This Software

ID Name References
G0075 Rancor

[1]

References

  1. Ash, B., et al. (2018, June 26). RANCOR: Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families. Retrieved July 2, 2018.