{
	"id": "f5af069e-6ffb-4347-9b7f-6626033682e2",
	"created_at": "2026-04-06T01:32:34.369781Z",
	"updated_at": "2026-04-10T03:21:29.635534Z",
	"deleted_at": null,
	"sha1_hash": "d88d7bc10c3a4fefc2fb11f47c783a2451071489",
	"title": "GitHub - rek7/ddoor: DDoor - cross platform backdoor using dns txt records",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 45906,
	"plain_text": "GitHub - rek7/ddoor: DDoor - cross platform backdoor using dns txt records\r\nBy rek7\r\nArchived: 2026-04-06 00:41:56 UTC\r\ncross platform backdoor using dns txt records\r\nWhat is ddoor?\r\nddoor is a cross platform lightweight backdoor that uses txt records to execute commands on infected machines.\r\nFeatures\r\nAllows a single txt record to have separate commands for both Linux and Windows machines\r\nList of around 10 public DNS servers that it randomly chooses from\r\nUnpredictable call back times\r\nEncrypts txt record using xor with custom password\r\nSupports DNS over HTTPS (Shoutout to Keith @keharv for adding this!)\r\nLinux Features:\r\nAnti-Debugging, if ptrace is detected as being attached to the process it will exit.\r\nProcess Name/Thread names are cloaked, a fake name overwrites all of the system arguments and file name to make it seem like a legitimate program.\r\nAutomatically Daemonizes\r\nTries to set GUID/UID to 0 (root)\r\nWindows Features:\r\nHides Console Window\r\nStub Size of around 700kb\r\nInstallation\r\nTo install the dependencies needed for the python generation script, run:\r\npip3 install -r requirements.txt\r\nMake sure to edit config.h and replace the provided domain with yours, you can change the fake name as well as the password.\r\nTo create a Linux binary:\r\nRun the compile.sh script, this will create a file called binary in the bin folder.\r\nTo Create a Windows Binary:\r\nThis project was built using VS 2019; open the sln file in VS 2019, select the release build and build it.\r\nUsage\r\nRun payload_manager.py with python3 to create a hex encoded payload, then update or create a txt record for your domain, make sure that the TTL is set to 300 seconds!!!\r\nPayload Manager Usage:\r\n$ ./payload_manager.py -h\r\n@@@@@@@ @@@@@@@ @@@@@@ @@@@@@ @@@@@@@\r\n@@@@@@@@ @@@@@@@@ @@@@@@@@ @@@@@@@@ @@@@@@@@\r\n@@! @@@ @@! @@@ @@! @@@ @@! @@@ @@! @@@\r\n!@! @!@ !@! @!@ !@! @!@ !@! @!@ !@! @!@\r\n@!@ !@! @!@ !@! @!@ !@! @!@ !@! @!@!!@!\r\n!@! !!! !@! !!! !@! !!! !@! !!! !!@!@!\r\n!!: !!! !!: !!! !!: !!! !!: !!! !!: :!!\r\n:!: !:! :!: !:! :!: !:! :!: !:! :!: !:!\r\n :::: :: :::: :: ::::: :: ::::: :: :: :::\r\n:: : : :: : : : : : : : : : : :\r\nusage: payload_manager.py [-h] [-l LINUX_CMD] [-w WINDOWS_CMD]\r\n [-d DOMAIN_SEARCH]\r\nddoor, crossplatform dns backdoor\r\noptional arguments:\r\n -h, --help show this help message and exit\r\n -l LINUX_CMD Linux Command\r\n -w WINDOWS_CMD Windows Command\r\n -d DOMAIN_SEARCH Domain to Check Commands On\r\nSource: https://github.com/rek7/ddoor",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://github.com/rek7/ddoor"
	],
	"report_names": [
		"ddoor"
	],
	"threat_actors": [],
	"ts_created_at": 1775439154,
	"ts_updated_at": 1775791289,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d88d7bc10c3a4fefc2fb11f47c783a2451071489.pdf",
		"text": "https://archive.orkl.eu/d88d7bc10c3a4fefc2fb11f47c783a2451071489.txt",
		"img": "https://archive.orkl.eu/d88d7bc10c3a4fefc2fb11f47c783a2451071489.jpg"
	}
}