{
  "name": "Unveiling sedexp: A Stealthy Linux Malware Exploiting udev Rules",
  "slug": "unveiling-sedexp-a-stealthy-linux-malware-exploiting-udev-rules",
  "description": "Stroz Friedberg discovered sedexp, a stealthy Linux malware that uses udev rules to achieve persistence and evade detection. It provides reverse shell capabilities and employs advanced concealment tactics. Employed by a financially motivated threat actor, sedexp hides credit card scraping code, indicating a focus on financial gain. Although sedexp has been active since 2022, multiple public instances had zero detections, highlighting its evasive nature.",
  "published": "2024-08-23T07:39:08+00:00",
  "created_at": "2024-08-23T07:39:08+00:00",
  "modified_at": "2024-08-23T08:00:38+00:00",
  "created_at_opencti": "2024-08-23T07:39:08+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-08-23",
    "concealment",
    "evasion",
    "linux",
    "persistence",
    "reverse shell",
    "sedexp"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "b981948d51e344972d920722385f2370caf1e4fac0781d508bc1f088f477b648"
      },
      {
        "id": "",
        "name": "94ef35124a5ce923818d01b2d47b872abd5840c4f4f2178f50f918855e0e5ca2"
      },
      {
        "id": "",
        "name": "43f72f4cdab8ed40b2f913be4a55b17e7fd8a7946a636adb4452f685c1ffea02"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:799760c14f4172ac",
        "name": "sedexp",
        "slug": "sedexp"
      }
    ],
    "attack_patterns": [
      {
        "id": "41af8283-2fa5-469e-9c29-e8ad77b4f224",
        "name": "T1014"
      },
      {
        "id": "b9a3b4f8-b9c0-4ed8-bf5e-bf759b9804d6",
        "name": "T1564"
      },
      {
        "id": "70616b2f-4019-4963-b758-5d9f6f20e201",
        "name": "T1082"
      },
      {
        "id": "45082a8e-9c79-470e-ad1b-decac7188e8f",
        "name": "T1083"
      },
      {
        "id": "af9ed2e3-4663-4723-beab-c606ddc312e0",
        "name": "T1543"
      },
      {
        "id": "c3af9fd7-d307-4df4-9220-cc627938fb85",
        "name": "T1055"
      },
      {
        "id": "7d7ac733-6442-416f-8669-c302dd0843b9",
        "name": "T1036"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ]
  },
  "external_refs": [
    "https://www.aon.com/en/insights/cyber-labs/unveiling-sedexp",
    "https://otx.alienvault.com/pulse/66c858bc5f6dcdea98f47691"
  ]
}