Today > | 2 Medium vulnerabilities   -   You can now download lists of IOCs here!

Unveiling sedexp: A Stealthy Linux Malware Exploiting udev Rules

Aug. 23, 2024, 10 a.m.

Description

Stroz Friedberg discovered sedexp, a stealthy Linux malware that utilizes udev rules to achieve persistence and evade detection. It provides reverse shell capabilities and advanced concealment tactics. Employed by a financially motivated threat actor, sedexp hides credit card scraping code, indicating a focus on financial gain. Despite being active since 2022, multiple public instances had zero detections, highlighting its evasive nature.

Date

Published: Aug. 23, 2024, 9:39 a.m.

Created: Aug. 23, 2024, 9:39 a.m.

Modified: Aug. 23, 2024, 10 a.m.

Indicators

b981948d51e344972d920722385f2370caf1e4fac0781d508bc1f088f477b648

94ef35124a5ce923818d01b2d47b872abd5840c4f4f2178f50f918855e0e5ca2

43f72f4cdab8ed40b2f913be4a55b17e7fd8a7946a636adb4452f685c1ffea02

Attack Patterns

sedexp

T1014

T1564

T1082

T1083

T1543

T1055

T1036

T1027

T1059