Khrat

Threat Actor Profile Updated 25 days ago
KHRAT, also known as DDKONG, PLAINTEE, and RANCOR, is a threat actor that has been conducting highly targeted cyberattacks in South East Asia. The cybersecurity industry began tracking this malicious entity throughout 2017 and 2018, with the focus of their research being on the KHRAT Trojan, a previously unknown malware family. This threat actor's actions have been consistent and persistent, suggesting a single group or individual is behind these attacks.

In February 2018, there was a significant development when several domains associated with KHRAT began resolving to the IP address 89.46.222[.]97. This finding allowed for a more comprehensive understanding of the threat actor's infrastructure and operations, enabling cybersecurity professionals to better track and counteract its activities. This shift in IP resolution marked a critical point in the ongoing efforts to monitor and combat KHRAT's malicious activities.

The continuous monitoring of KHRAT's command and control domains has played an essential role in building upon previous research into the KHRAT Trojan. By understanding the patterns and techniques of this threat actor, cybersecurity experts can develop more effective defense strategies. AutoFocus customers are advised to remain vigilant and keep track of this threat through the designated tags. Despite the complex and evolving nature of KHRAT's tactics, continued research and observation will be crucial in mitigating future attacks.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Khrat Threat Actor was read from the documents corpus below.
Source | Created At | Title
MITRE | a year ago | RANCOR: Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families