Threat Research

    Potential KamiKakaBot Activity - Winlogon Shell Persistence

    Detects modifications to the "Winlogon" registry key, where the "Shell" value is set to a value associated with KamiKakaBot samples to establish persistence....
    2/13/2025  0
    Read More »

    Potential KamiKakaBot Activity - Lure Document Execution

    Detects the execution of a Word document through the WinWord Start Menu shortcut. This technique has been observed in KamiKakaBot samples to trigger the second stage of infection....
    2/12/2025  0
    Read More »

    Potential KamiKakaBot Activity - Shutdown Schedule Task Creation

    Detects the creation of a scheduled task configured to run weekly and executes the "shutdown /l /f" command. This behavior has been observed in KamiKakaBot samples as a method to maintain persistence on a system....
    1/6/2025  0
    Read More »
    Looking for Something?
    Threat Research Categories:
    Tags

    Privacy & Security StatementTerms & Conditions
    Copyright © 2026 by Gurucul - All rights reserved.