elf.kaiten

Kaiten

aka: STD

According to Netenrich, Kaiten is a Trojan horse that opens a back door on the compromised computer, allowing it to perform other malicious activities. The trojan does not create any copies of itself. This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

References

2021-12-11 | Symantec | Threat Hunter Team
Apache Log4j Zero-Day Being Exploited in the Wild
Kaiten

2021-03-18 | Lacework | Chris Hall
The “Kek Security” Network
Kaiten, N3Cr0m0rPh

2020-10-13 | BlackArrow | Borja Merino
Attackers Abuse MobileIron’s RCE to deliver Kaiten
Kaiten

2020-09-08 | Trend Micro | Augusto Remillano II
Exposed Docker Server Abused to Drop Cryptominer, DDoS Bot
Kaiten

2016-10-01 | Akamai | Akamai
Kaiten/STD router DDoS Malware
Kaiten
Yara Rules
[TLP:WHITE] elf_kaiten_w0 (20170413 | Kaiten/STD DDoS malware)
import "elf"

rule elf_kaiten_w0 {
    meta:
        author = "Akamai SIRT"
        description = "Kaiten/STD DDoS malware"
        malpedia_reference = "https://malpedia.caad.fkie.fraunhofer.de/details/elf.kaiten"
        malpedia_version = "20170413"
        malpedia_license = "CC BY-NC-SA 4.0"
        malpedia_sharing = "TLP:WHITE"

    strings:
        $s0 = "shitteru koto dake"
        $s1 = "nandemo wa shiranai wa yo,"
    condition:
        elf.number_of_sections == 0 and
        elf.number_of_segments == 2 and
        $s0 and $s1
}