APT_DarkPink_KamiKakaBot_Mar23

Rule Info

Name
APT_DarkPink_KamiKakaBot_Mar23
Author
MalGamy
Description
Detects KamiKakaBot that is used by DarkPink threat actors
Score
80
Reference
https://blog.eclecticiq.com/dark-pink-apt-group-strikes-government-entities-in-south-asian-countries
Date
2023-03-10
Minimum Yara
1.7
Rule Hash
37336cda988c980a43849b789a4888a5
Tags
['APT', 'FILE', 'EXE']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/apt_darkpink_kamikakabot_mar23/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
3
Suspicious (< 10 engines)
0
Clean (0 engines)
0

Rule Matches

Timestamp
Positives
Total
Hash
VT
2023-04-27 19:09:26
42
69
2a9f92d42d562144dd368883b457241aab743680e24c1056bd59515a2d35ae65
2023-04-27 19:08:29
44
69
b23d6ab48067fd01e954ecefa70a8469256e70cee815d4a1249196deb0760043
2023-03-29 10:47:58
35
68
06ecb4ae52acd132706830e3f1d4885dfb1a89b2925130d62a55b635e8ef36fd

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022