elf.kaiten

Kaiten

aka: STD

According to netenrich, Kaiten is a Trojan horse that opens a back door on the compromised computer, allowing it to perform other malicious activities. The trojan does not create any copies of itself. This backdoor arrives on a system as a file dropped by other malware, or as a file downloaded unknowingly by users when visiting malicious sites.

References
2021-12-11, Symantec, Threat Hunter Team: "Apache Log4j Zero-Day Being Exploited in the Wild" (English; accessed 2021-12-31). https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/apache-log4j-zero-day. Families: Kaiten

2021-03-18, lacework, Chris Hall: "The “Kek Security” Network" (English; accessed 2023-03-17). https://www.lacework.com/blog/the-kek-security-network/. Families: Kaiten, N3Cr0m0rPh

2020-10-13, blackarrow, Borja Merino: "Attackers Abuse MobileIron’s RCE to deliver Kaiten" (English; accessed 2020-10-23). https://www.blackarrow.net/attackers-abuse-mobileirons-rce-to-deliver-kaiten/. Families: Kaiten

2020-09-08, Trend Micro, Augusto Remillano II: "Exposed Docker Server Abused to Drop Cryptominer, DDoS Bot" (English; accessed 2020-09-23). https://www.trendmicro.com/en_us/research/20/i/exposed-docker-server-abused-to-drop-cryptominer-ddos-bot-.html. Families: Kaiten

2016-10-01, Akamai (technical report): "Kaiten/STD router DDoS Malware" (English; accessed 2020-01-08). https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/kaiten-std-router-ddos-malware-threat-advisory.pdf. Families: Kaiten
Yara Rules
[TLP:WHITE] elf_kaiten_w0 (20170413 | Kaiten/STD DDoS malware)
import "elf"

rule elf_kaiten_w0 {
    meta:
        author = "Akamai SIRT"
        description = "Kaiten/STD DDoS malware"
        malpedia_reference = "https://malpedia.caad.fkie.fraunhofer.de/details/elf.kaiten"
        malpedia_version = "20170413"
        malpedia_license = "CC BY-NC-SA 4.0"
        malpedia_sharing = "TLP:WHITE"

    strings:
        // Distinctive plaintext strings embedded in Kaiten/STD samples
        $s0 = "shitteru koto dake"
        $s1 = "nandemo wa shiranai wa yo,"
    condition:
        // Stripped ELF with no section headers and exactly two program segments,
        // plus both marker strings present
        elf.number_of_sections == 0 and
        elf.number_of_segments == 2 and
        $s0 and $s1
}