Doki Backdoor Trojan

Doki is a backdoor trojan created by the Ngrok advanced persistent threat (APT) group that targets insecure Docker cloud instances.

Security researchers have observed Doki remotely deployed to Docker installations where the management API has been left publicly exposed.

Attackers scan for publicly accessible, open Docker servers in an automated fashion, then exploit them to set up their own containers and execute malware on the victim's infrastructure.
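As an added, defender-side example that is not part of the original post: a Python audit for the exposure described above (a non-loopback `tcp://` dockerd listener without client-certificate verification) plus a scan of DNS query logs for the C2 domain listed in the indicators below. The daemon.json text, dockerd command line and log lines are constructed samples; the `hosts`/`tlsverify` keys and the `-H`/`--tlsverify` flags are real dockerd settings, and the log format is assumed to be dnsmasq-style.

```python
import json
import re
import shlex
from urllib.parse import urlsplit

DOKI_C2 = "6d77335c4f23.ddns.net"  # C2 domain from the indicators section
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# Constructed samples: a weak daemon.json and a few dnsmasq-style query log lines.
SAMPLE_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
SAMPLE_DNS_LOG = [
    "Jul 28 10:01:02 host dnsmasq[912]: query[A] registry-1.docker.io from 10.0.0.5",
    "Jul 28 10:01:09 host dnsmasq[912]: query[A] 6d77335c4f23.ddns.net from 10.0.0.7",
    "Jul 28 10:01:11 host dnsmasq[912]: query[A] ddns.net from 10.0.0.7",
]

def exposed_tcp(hosts, tlsverify):
    """Flag non-loopback tcp:// listeners that lack mutual TLS (client certs)."""
    found = []
    for h in hosts:
        u = urlsplit(h)
        if u.scheme == "tcp" and u.hostname not in LOOPBACK and not tlsverify:
            found.append(f"unauthenticated API on {u.netloc}")
    return found

def audit_daemon_json(text):
    """Audit the 'hosts'/'tlsverify' keys of /etc/docker/daemon.json contents."""
    cfg = json.loads(text)
    return exposed_tcp(cfg.get("hosts", []), bool(cfg.get("tlsverify", False)))

def audit_dockerd_cmdline(cmdline):
    """Same audit for dockerd flags, e.g. the ExecStart line of docker.service."""
    argv = shlex.split(cmdline)
    hosts = []
    for i, a in enumerate(argv):
        if a in ("-H", "--host") and i + 1 < len(argv):
            hosts.append(argv[i + 1])
        elif a.startswith(("-H=", "--host=")):
            hosts.append(a.split("=", 1)[1])
    tlsverify = any(a in ("--tlsverify", "--tlsverify=true") for a in argv)
    return exposed_tcp(hosts, tlsverify)

def dns_hits(log_lines, domain=DOKI_C2):
    """Return log lines that look up the C2 domain or any subdomain of it."""
    pat = re.compile(r"(?<![\w-])" + re.escape(domain) + r"(?![\w-])", re.IGNORECASE)
    return [line for line in log_lines if pat.search(line)]

if __name__ == "__main__":
    print(audit_daemon_json(SAMPLE_DAEMON_JSON))
    print(audit_dockerd_cmdline("/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375"))
    print(dns_hits(SAMPLE_DNS_LOG))
```

A listener that passes this check still needs the CA and client certificates managed properly; the audit only catches the fully open configuration Doki is deployed through.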

Indicators Of Compromise

Command and control (C2) server domain

  • 6d77335c4f23[.]ddns[.]net

File Hash (SHA-256)

  • 4aadb47706f0fe1734ee514e79c93eed65e1a0a9f61b63f3e7b6367bd9a3e63b

Duncan Newell

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
