Intel Name: Potential kamikakabot activity – winlogon shell persistence
Date of Scan: February 13, 2025
Impact: High
Summary: Detects modifications to the “Winlogon” registry key, where the “Shell” value is set to a value associated with KamiKakaBot samples to establish persistence.
