DDKONG

DDKONG is a malware sample that was part of a campaign by Rancor. DDKONG was first seen used in February 2017. [1]

ID: S0255
Aliases: DDKONG
Type: MALWARE
Platforms: Windows

Version: 1.0

Alias Descriptions

Name     Description
DDKONG   [1]

Techniques Used

Domain      ID     Name                                      Use
Enterprise  T1094  Custom Command and Control Protocol       DDKONG communicates over raw TCP. [1]
Enterprise  T1140  Deobfuscate/Decode Files or Information   DDKONG decodes an embedded configuration using XOR. [1]
Enterprise  T1083  File and Directory Discovery              DDKONG lists files on the victim's machine. [1]
Enterprise  T1105  Remote File Copy                          DDKONG downloads and uploads files on the victim's machine. [1]
Enterprise  T1085  Rundll32                                  DDKONG uses Rundll32 to ensure only a single instance of itself is running at once. [1]

Groups

Groups that use this software:

Rancor

References