IPsec Helper

Description

(SentinelLabs) The backdoor malware requires installation as a service. It is registered as ‘IPsec Helper’. Upon execution, it sleeps for a random number of seconds (iterating 200 times over sleeps of between 1 and 3 seconds). It then checks for an internet connection by connecting to a predefined list of Microsoft servers.

Names

Name
IPsec Helper

Category

Malware

Type

  • Backdoor
  • Downloader
  • Exfiltration

Information

Mitre Attack

Other Information

Uuid

56a2da3c-f648-4399-9cf7-3681044b8030

Last Card Change

2024-12-29