Unveiling sedexp: A Stealthy Linux Malware Exploiting udev Rules
Aug. 23, 2024, 10 a.m.
Description
Stroz Friedberg discovered sedexp, a stealthy Linux malware that uses udev rules to achieve persistence and evade detection. It provides reverse-shell capability and advanced concealment tactics. Deployed by a financially motivated threat actor, sedexp was used to hide credit-card-scraping code, indicating a focus on financial gain. Despite having been active since 2022, multiple publicly available samples had zero detections, highlighting how evasive it is.
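The udev-rule persistence the description refers to can be audited from the rule files themselves. The script below is an added example written for this page, not code from Stroz Friedberg or from the malware: it parses every RUN assignment in udev rule files (joining backslash-continued lines and skipping comments), flags commands that launch an interpreter, reference a hidden path component, or run programs under temporary or home directories, and, when run against a live system, hashes any flagged program against the three SHA-256 indicators listed on this page. The prefix and interpreter lists are assumptions to tune per fleet, and the two embedded rule snippets are constructed samples, not real sedexp artifacts.

```python
#!/usr/bin/env python3
"""Audit udev rules for RUN hooks that look like persistence (added example, not from the report)."""
import hashlib
import os
import re

# SHA-256 values from the Indicators list on this page.
SEDEXP_SHA256 = {
    "b981948d51e344972d920722385f2370caf1e4fac0781d508bc1f088f477b648",
    "94ef35124a5ce923818d01b2d47b872abd5840c4f4f2178f50f918855e0e5ca2",
    "43f72f4cdab8ed40b2f913be4a55b17e7fd8a7946a636adb4452f685c1ffea02",
}

# Directories udevd reads .rules files from.
UDEV_RULE_DIRS = ("/etc/udev/rules.d", "/run/udev/rules.d", "/usr/lib/udev/rules.d", "/lib/udev/rules.d")

# Assumptions for this example: legitimate udev helpers rarely live here or go through a shell.
SUSPICIOUS_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/", "/root/", "/home/")
SHELL_INTERPRETERS = ("sh", "bash", "dash", "zsh", "python", "python3", "perl")

# Matches RUN+="...", RUN="...", RUN{program}+="..." and captures the quoted command string.
RUN_RE = re.compile(r'\bRUN(?:\{[^}]*\})?\s*[+:]?=\s*"([^"]*)"')


def logical_lines(text):
    """Yield (first_line_no, line) with backslash continuations joined and comment lines dropped."""
    buf, start = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not buf:
            if not line or line.lstrip().startswith("#"):
                continue
            start = no
        if line.endswith("\\"):
            buf.append(line[:-1])
            continue
        buf.append(line)
        yield start, " ".join(buf)
        buf = []
    if buf:  # file ended on a continuation line
        yield start, " ".join(buf)


def run_commands(text):
    """Return [(line_no, command)] for every RUN assignment in a rules file body."""
    return [(no, m.group(1)) for no, line in logical_lines(text) for m in RUN_RE.finditer(line)]


def suspicious_reasons(command):
    """Heuristics for one udev RUN command string; an empty list means nothing was flagged."""
    reasons = []
    tokens = command.split()
    if not tokens:
        return reasons
    prog = tokens[0]
    if prog.startswith(SUSPICIOUS_PREFIXES):
        reasons.append(f"program under unexpected prefix: {prog}")
    if os.path.basename(prog) in SHELL_INTERPRETERS:
        reasons.append(f"rule spawns an interpreter: {prog}")
    if "/." in command:
        reasons.append("hidden path component in command")
    if any(t.strip("'\"").startswith(SUSPICIOUS_PREFIXES) for t in tokens[1:]):
        reasons.append("argument references unexpected prefix")
    return reasons


def audit_rules_text(text, source="<inline>"):
    """Return findings for one rules file body: dicts with source, line, command and reasons."""
    findings = []
    for no, cmd in run_commands(text):
        reasons = suspicious_reasons(cmd)
        if reasons:
            findings.append({"source": source, "line": no, "command": cmd, "reasons": reasons})
    return findings


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def is_known_sedexp_hash(hexdigest):
    """True when a hex SHA-256 matches one of the indicators on this page."""
    return hexdigest.lower() in SEDEXP_SHA256


def audit_system(rule_dirs=UDEV_RULE_DIRS):
    """Walk the real udev rule directories, audit RUN commands and hash any flagged program."""
    findings = []
    for d in rule_dirs:
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            path = os.path.join(d, name)
            if not name.endswith(".rules") or not os.path.isfile(path):
                continue
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            for f in audit_rules_text(text, path):
                prog = f["command"].split()[0]
                if os.path.isfile(prog):
                    with open(prog, "rb") as fh:
                        f["ioc_match"] = is_known_sedexp_hash(sha256_hex(fh.read()))
                findings.append(f)
    return findings


# Constructed sample rules for offline demonstration (not real sedexp artifacts).
SAMPLE_BENIGN = 'ACTION=="add", SUBSYSTEM=="usb", RUN+="/usr/bin/logger -t udev usb-added"\n'
SAMPLE_SUSPECT = (
    "# constructed: a rule that launches a hidden helper from /tmp through a shell\n"
    'ACTION=="add", SUBSYSTEM=="block", \\\n'
    '    RUN+="/bin/sh -c \'/tmp/.hidden/helper &\'"\n'
)

if __name__ == "__main__":
    for label, text in (("benign-sample", SAMPLE_BENIGN), ("suspect-sample", SAMPLE_SUSPECT)):
        for f in audit_rules_text(text, label):
            print(f)
    for f in audit_system():
        print(f)
```

Running it as root prints one finding for the constructed suspect rule and then any findings from the host's real rule directories; a finding with `ioc_match` set to True means the referenced program hashes to one of the listed indicators. A rule that merely launches a helper from a packaged location is not flagged, so the heuristics are a starting point for review, not a verdict.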
Date
Published: Aug. 23, 2024, 9:39 a.m.
Created: Aug. 23, 2024, 9:39 a.m.
Modified: Aug. 23, 2024, 10 a.m.
Indicators
b981948d51e344972d920722385f2370caf1e4fac0781d508bc1f088f477b648
94ef35124a5ce923818d01b2d47b872abd5840c4f4f2178f50f918855e0e5ca2
43f72f4cdab8ed40b2f913be4a55b17e7fd8a7946a636adb4452f685c1ffea02
Attack Patterns
sedexp
T1014 Rootkit
T1564 Hide Artifacts
T1082 System Information Discovery
T1083 File and Directory Discovery
T1543 Create or Modify System Process
T1055 Process Injection
T1036 Masquerading
T1027 Obfuscated Files or Information
T1059 Command and Scripting Interpreter