win.seadaddy

SEADADDY

aka: SeaDuke, Seadask

Actor(s): APT29


Backdoor written in Python 2, deployed with PyInstaller.

References

2020-07-14 | Cyborg Security | Austin Jackson | PYTHON MALWARE ON THE RISE
@online{jackson:20200714:python:6b03611, author = {Austin Jackson}, title = {{PYTHON MALWARE ON THE RISE}}, date = {2020-07-14}, organization = {Cyborg Security}, url = {https://www.cyborgsecurity.com/cyborg_labs/python-malware-on-the-rise/}, language = {English}, urldate = {2020-12-23} }
Families referenced: Poet RAT, PyLocky, SEADADDY

2017-02-20 | Contagio Dump | Mila Parkour | Part I. Russian APT - APT28 collection of samples including OSX XAgent
@online{parkour:20170220:part:c54b5de, author = {Mila Parkour}, title = {{Part I. Russian APT - APT28 collection of samples including OSX XAgent}}, date = {2017-02-20}, organization = {Contagio Dump}, url = {https://contagiodump.blogspot.de/2017/02/russian-apt-apt28-collection-of-samples.html}, language = {English}, urldate = {2019-11-26} }
Families referenced: X-Agent, Komplex, Coreshell, Downdelph, HideDRV, SEADADDY, Sedreco, Seduploader, X-Agent, XTunnel

2016-06-15 | CrowdStrike | Dmitri Alperovitch | Bears in the Midst: Intrusion into the Democratic National Committee
@online{alperovitch:20160615:bears:604c1d9, author = {Dmitri Alperovitch}, title = {{Bears in the Midst: Intrusion into the Democratic National Committee}}, date = {2016-06-15}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/}, language = {English}, urldate = {2022-03-14} }
Families referenced: X-Agent, ATI-Agent, SEADADDY, Seduploader, X-Agent, XTunnel, APT28

2015-07-13 | Symantec | A L Johnson | “Forkmeiamfamous”: Seaduke, latest weapon in the Duke armory
@online{johnson:20150713:forkmeiamfamous:64957d9, author = {A L Johnson}, title = {{“Forkmeiamfamous”: Seaduke, latest weapon in the Duke armory}}, date = {2015-07-13}, organization = {Symantec}, url = {https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=6ab66701-25d7-4685-ae9d-93d63708a11c&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments}, language = {English}, urldate = {2020-08-19} }
Families referenced: SEADADDY

2014-07-15 | Palo Alto Networks Unit 42 | Josh Grunzweig | Unit 42 Technical Analysis: Seaduke
@online{grunzweig:20140715:unit:0cf98cb, author = {Josh Grunzweig}, title = {{Unit 42 Technical Analysis: Seaduke}}, date = {2014-07-15}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/unit-42-technical-analysis-seaduke/}, language = {English}, urldate = {2020-08-19} }
Families referenced: SEADADDY

There is no YARA signature yet.