Potential kamikakabot activity – shutdown schedule task creation

Intel Name: Potential kamikakabot activity – shutdown schedule task creation

Date of Scan: January 6, 2025

Impact: Medium

Summary:
Detects the creation of a scheduled task configured to run weekly and executes the “shutdown /l /f” command. This behavior has been observed in KamiKakaBot samples as a method to maintain persistence on a system.

More Details