Malware2024

KamiKakaBot

3Rules

2References

1Folders

2024-03-22Latest

Summary

KamiKakaBot is tracked here as a malware family or toolset with 3 Sigma detections spanning 2024. Coverage centers on windows / process_creation, windows / registry_set.

Related Detections

Search this threat

Emerging Threatmediumtest

Potential KamiKakaBot Activity - Lure Document Execution

Detects the execution of a Word document via the WinWord Start Menu shortcut. This behavior was observed being used by KamiKakaBot samples in order to initiate the 2nd stage of the infection.

WindowsProcess Creation

TA0002 · ExecutionT1059 · Command and Scripting Interpreterdetection.emerging-threats

Nasreddine Bencherchali (Nextron Systems)+1Fri Mar 222024

Emerging Threatmediumtest

Potential KamiKakaBot Activity - Shutdown Schedule Task Creation

Detects the creation of a schedule task that runs weekly and execute the "shutdown /l /f" command. This behavior was observed being used by KamiKakaBot samples in order to achieve persistence on a system.

WindowsProcess Creation

TA0003 · Persistencedetection.emerging-threats

Nasreddine Bencherchali (Nextron Systems)+1Fri Mar 222024

Emerging Threathightest

Potential KamiKakaBot Activity - Winlogon Shell Persistence

Detects changes to the "Winlogon" registry key where a process will set the value of the "Shell" to a value that was observed being used by KamiKakaBot samples in order to achieve persistence.

WindowsRegistry Set

TA0004 · Privilege EscalationTA0003 · PersistenceT1547.001 · Registry Run Keys / Startup Folderdetection.emerging-threats

Nasreddine Bencherchali (Nextron Systems)+1Fri Mar 222024

References