- Joined
- Jan 8, 2019
- Messages
- 56,608
- Solutions
- 2
- Reputation
- 32
- Reaction score
- 100,454
- Points
- 2,313
- Credits
- 32,600
6 Years of Service
76%
cross-platform backdoor using dns txt records
What is ddor?
ddor is a cross-platform lightweight backdoor that uses txt records to execute commands on infected machines.
Features
Allows a single txt record to have seperate commands for both Linux and Windows machines
List of around 10 public DNS servers that it randomly chooses from
Unpredictable call back times
Encrypts txt record using xor with custom password
Linux Features:
Anti-Debugging, if ptrace is detected as being attached to the process it will exit.
Process Name/Thread names are cloaked, a fake name overwrites all of the system arguments and file name to make it seem like a legitimate program.
Automatically Daemonizes
Tries to set GUID/UID to 0 (root)
Windows Features:
Hides Console Window
Stub Size of around 20kb