Rule Library
Sigma Rules
3 rules found for "KamiKakaBot"
3,731 Total | 3,132 Detection | 457 Emerging | 139 Hunting
Emerging Threat | medium | test
Potential KamiKakaBot Activity - Lure Document Execution
Detects the execution of a Word document via the WinWord Start Menu shortcut. This behavior was observed being used by KamiKakaBot samples in order to initiate the 2nd stage of the infection.
Windows | Process Creation
Nasreddine Bencherchali (Nextron Systems) +1 | Fri Mar 22 2024
Emerging Threat | medium | test
Potential KamiKakaBot Activity - Shutdown Schedule Task Creation
Detects the creation of a scheduled task that runs weekly and executes the "shutdown /l /f" command. This behavior was observed being used by KamiKakaBot samples in order to achieve persistence on a system.
Windows | Process Creation
Nasreddine Bencherchali (Nextron Systems) +1 | Fri Mar 22 2024
Emerging Threat | high | test
Potential KamiKakaBot Activity - Winlogon Shell Persistence
Detects changes to the "Winlogon" registry key where a process sets the "Shell" value to a value that was observed being used by KamiKakaBot samples in order to achieve persistence.
Windows | Registry Set
Nasreddine Bencherchali (Nextron Systems) +1 | Fri Mar 22 2024