Threat Actor Profile
High
APT
Description
Rancor is a threat group that has led targeted campaigns against the South East Asia region. Rancor uses politically-motivated lures to entice victims to open malicious documents. (Citation: Rancor Unit42 June 2018)
Confidence Score
Known Aliases
Rancor
Tags
mitre-attack
stix-2.1
intrusion-set
First Seen
Unknown
Last Updated
Unknown
Active Status
ActiveCreated
April 29, 2026
MITRE ATT&CK Techniques (9)
Indicators of Compromise
Loading IOCs…
IOC KQL for Sentinel
STIX Data
{'aliases': ['Rancor'],
'created': '2018-10-17T00:14:20.652Z',
'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'description': '[Rancor](https://attack.mitre.org/groups/G0075) is a threat '
'group that has led targeted campaigns against the South East '
'Asia region. [Rancor](https://attack.mitre.org/groups/G0075) '
'uses politically-motivated lures to entice victims to open '
'malicious documents. (Citation: Rancor Unit42 June 2018)',
'external_references': [{'external_id': 'G0075',
'source_name': 'mitre-attack',
'url': 'https://attack.mitre.org/groups/G0075'},
{'description': '(Citation: Rancor Unit42 June 2018)',
'source_name': 'Rancor'},
{'description': 'Ash, B., et al. (2018, June 26). '
'RANCOR: Targeted Attacks in South '
'East Asia Using PLAINTEE and DDKONG '
'Malware Families. Retrieved July 2, '
'2018.',
'source_name': 'Rancor Unit42 June 2018',
'url': 'https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/'}],
'id': 'intrusion-set--f40eb8ce-2a74-4e56-89a1-227021410142',
'modified': '2024-02-09T19:30:38.407Z',
'name': 'Rancor',
'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
'revoked': False,
'spec_version': '2.1',
'type': 'intrusion-set',
'x_mitre_attack_spec_version': '3.2.0',
'x_mitre_deprecated': False,
'x_mitre_domains': ['enterprise-attack'],
'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'x_mitre_version': '1.3'}