Indicator (IOC)
Essential information
- Value / Name: 9dc9b25a212a0178f6f3d7789f8be10f57bca164
- Confidence: 100/100
- Revoked: Yes
- Valid from: 09/08/2023 23:44
- Valid until: 11/11/2024 22:44
- Pattern type: yara
- Published: 20/12/2025 19:40
- Modified: 21/12/2025 00:57
- Author / Source: AlienVault
Description
No description.
Pattern
rule CISA_10452108_01 : SEASPY backdoor communicates_with_c2 installs_other_components
{
    meta:
        Author = "CISA Code & Media Analysis"
        Incident = "10452108"
        Date = "2023-06-20"
        Last_Modified = "20230628_1000"
        Actor = "n/a"
        Family = "SEASPY"
        Capabilities = "communicates-with-c2 installs-other-components"
        Malware_Type = "backdoor"
        Tool_Type = "unknown"
        Description = "Detects malicious Linux SEASPY samples"
        SHA256_1 = "3f26a13f023ad0dcd7f2aa4e7771bba74910ee227b4b36ff72edc5f07336f115"
        SHA256_2 = "69935a1ce0240edf42dbe24535577140601bcf3226fa01e4481682f6de22d192"
        SHA256_3 = "5f5b8cc4d297c8d46a26732ae47c6ac80338b7be97a078a8e1b6eefd1120a5e5"
        SHA256_4 = "10efa7fe69e43c189033006010611e84394569571c4f08ea1735073d6433be81"
    strings:
        // $s* are ASCII strings encoded as hex; the decoded text is noted for each.
        // "./BarracudaMailService eth0"
        $s0 = { 2e 2f 42 61 72 72 61 63 75 64 61 4d 61 69 6c 53 65 72 76 69 63 65 20 65 74 68 30 }
        // "usage: ./BarracudaMailService <Network-Interface"
        $s1 = { 75 73 61 67 65 3a 20 2e 2f 42 61 72 72 61 63 75 64 61 4d 61 69 6C 53 65 72 76 69 63 65 20 3c 4e 65 74 77 6f 72 6b 2d 49 6e 74 65 72 66 61 63 65 }
        // "enter open tty shell"
        $s2 = { 65 6e 74 65 72 20 6f 70 65 6e 20 74 74 79 20 73 68 65 6c 6c }
        // "%d" NUL "NO port code"
        $s3 = { 25 64 00 4e 4f 20 70 6f 72 74 20 63 6f 64 65 }
        // "pcap_lookupnet: %s"
        $s4 = { 70 63 61 70 5f 6c 6f 6f 6b 75 70 6e 65 74 3a 20 25 73 }
        // "Child process id:%d"
        $s5 = { 43 68 69 6c 64 20 70 72 6f 63 65 73 73 20 69 64 3a 25 64 }
        // "[*]Success!"
        $s6 = { 5b 2a 5d 53 75 63 63 65 73 73 21 }
        // $a* are 16-byte binary patterns from the listed samples, not printable text.
        $a7 = { bf 90 47 90 ec 18 fe e3 83 e2 a9 f7 8d 85 18 1d }
        $a8 = { 81 35 1e f0 94 ab 2a ba 5d f0 37 76 69 19 9f 1e }
        $a9 = { 6a 8e c7 89 ce c1 fe 64 78 a6 e1 c5 fe 03 d1 a7 }
        $a10 = { c2 ff d1 0d 24 23 ec c0 57 f9 8d 4b 05 34 41 b8 }
    condition:
        // 0x464c457f is the ELF magic ("\x7fELF") read as a little-endian uint32.
        // YARA gives "and" higher precedence than "or", so this evaluates as
        // (ELF header and all $s*) or (all $a*); the $a* branch does not require the ELF check.
        uint32(0) == 0x464c457f and (all of ($s*)) or ( all of ($a*))
}
Labels / Tags
Marking (TLP)
TLP:CLEAR
Related entities
No linked attack reports or intrusion sets yet.