Doki Backdoor Trojan
Doki is a backdoor trojan created by the Ngrok advanced persistent threat (APT) group that targets insecure Docker cloud instances.
Security researchers have observed Doki remotely deployed to Docker installations where the management API has been left publicly exposed.
Attackers scan for publicly accessible, open Docker servers in an automated fashion, and then exploit them in order to set up their own containers and execute malware on the victim’s infrastructure.
Indicators Of Compromise
Command and control (C2) server domain
- 6d77335c4f23[.]ddns[.]net
File Hash (SHA-256)
- 4aadb47706f0fe1734ee514e79c93eed65e1a0a9f61b63f3e7b6367bd9a3e63b
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.