Kaiten (Malware Family)

Kaiten

aka: STD

URLhaus

According to netenrich, Kaiten is a Trojan horse that opens a back door on the compromised computer that allows it to perform other malicious activities. The trojan does not create any copies of itself. This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

References

2021-12-11 ⋅ Symantec ⋅ Threat Hunter Team
Apache Log4j Zero-Day Being Exploited in the Wild
Kaiten

2021-03-18 ⋅ lacework ⋅ Chris Hall
The “Kek Security” Network
Kaiten N3Cr0m0rPh

2020-10-13 ⋅ blackarrow ⋅ Borja Merino
Attackers Abuse MobileIron’s RCE to deliver Kaiten
Kaiten

2020-09-08 ⋅ Trend Micro ⋅ Augusto Remillano II
Exposed Docker Server Abused to Drop Cryptominer, DDoS Bot
Kaiten

2016-10-01 ⋅ Akamai ⋅ Akamai
Kaiten/STD router DDoS Malware
Kaiten

Yara Rules

[TLP:WHITE] elf_kaiten_w0 (20170413 | Kaiten/STD DDoS malware)

import "elf"

rule elf_kaiten_w0 {
    meta:
        author = "Akamai SIRT"
        description = "Kaiten/STD DDoS malware"
        malpedia_reference = "https://malpedia.caad.fkie.fraunhofer.de/details/elf.kaiten"
        malpedia_version = "20170413"
        malpedia_license = "CC BY-NC-SA 4.0"
        malpedia_sharing = "TLP:WHITE"

    strings:
        $s0 = "shitteru koto dake"
        $s1 = "nandemo wa shiranai wa yo,"
    condition:
        elf.number_of_sections == 0 and
        elf.number_of_segments == 2 and
        $s0 and $s1
}

Download all Yara Rules

Kaiten Propose Change

References

Yara Rules

Kaiten