Khrat

Threat Actor Profile Updated 3 months ago
Download STIX
Preview STIX
KHRAT, also known as DDKONG, PLAINTEE, and RANCOR, is a threat actor that has been conducting highly targeted cyberattacks in South East Asia. The cybersecurity industry began tracking this malicious entity throughout 2017 and 2018, with the focus of their research being on the KHRAT Trojan, a previously unknown malware family. This threat actor's actions have been consistent and persistent, suggesting a single group or individual is behind these attacks. In February 2018, there was a significant development when several domains associated with KHRAT began resolving to the IP address 89.46.222[.]97. This finding allowed for a more comprehensive understanding of the threat actor's infrastructure and operations, enabling cybersecurity professionals to better track and counteract its activities. This shift in IP resolution marked a critical point in the ongoing efforts to monitor and combat KHRAT's malicious activities. The continuous monitoring of KHRAT's command and control domains has played an essential role in building upon previous research into the KHRAT Trojan. By understanding the patterns and techniques of this threat actor, cybersecurity experts can develop more effective defense strategies. AutoFocus customers are advised to remain vigilant and keep track of this threat through the designated tags. Despite the complex and evolving nature of KHRAT's tactics, continued research and observation will be crucial in mitigating future attacks.
What's your take? (Question 1 of 4)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
DDKONG
1
DDKONG is a type of malware that has been used in cyber attacks orchestrated by a group we have named "RANCOR". This group, which we believe to be previously unidentified, uses two primary malware families: DDKONG and PLAINTEE. DDKONG has been used consistently throughout the RANCOR group's campaign
PLAINTEE
1
The PLAINTEE malware is a relatively new addition to the toolkit of an unidentified group, dubbed as "RANCOR". The RANCOR campaign utilizes two primary malware families: DDKONG and PLAINTEE. This malicious software is unique, with only six samples present in our data set. It has been utilized in two
Rancor
1
Rancor, a previously unidentified threat actor group, has been executing malicious actions through targeted cyber-attacks since 2018. The cybersecurity industry has linked Rancor with the DragonOK group, and their activities have been observed to focus primarily on Southeast Asia. The group's attack
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Trojan
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Khrat Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
MITRE
a year ago
RANCOR: Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families