Analytics Story: SesameOp

Date: 2025-12-10 ID: 26b6c7c5-351b-489f-8053-da6cbaa74479 Author: Teoderick Contreras, Splunk Product: Splunk Enterprise Security

Description

SesameOp is a Backdoor that abuses the OpenAI Assistants API as its command-and-control (C2) channel. Instead of using a traditional malicious server infrastructure, the malware loads a heavily obfuscated .NET DLL (Netapi64.dll / OpenAIAgent.Netapi64) which reaches out to the Assistants API to fetch encrypted, compressed commands and then executes them on the infected host. Results from these commands are likewise compressed, encrypted and sent back via the same legitimate API channel — effectively hiding malicious traffic in seemingly normal API calls. To evade detection, it injects into the host using .NET AppDomainManager injection, maintains persistence over time, and obfuscates communications via symmetric and asymmetric encryption plus compression.

Why it matters

SesameOp is a stealthy backdoor discovered in July 2025 that abuses the OpenAI Assistants API as a covert command-and-control channel. It comprises two components, a heavily obfuscated loader (Netapi64.dll) and a .NET-based backdoor (OpenAIAgent.Netapi64). The loader uses .NET AppDomainManager injection to persist within otherwise legitimate host processes such as developer tools. Once active, the backdoor fetches encrypted, compressed commands hidden in AI-assistant metadata from the OpenAI API, executes them locally, and returns results using the same legitimate HTTPS traffic. Because the traffic resembles normal AI API usage, it easily evades standard network detection methods.

Detections

Name ▲▼	Technique ▲▼	Type ▲▼
Executables Or Script Creation In Suspicious Path	Masquerading	Anomaly
Executables Or Script Creation In Temp Path	Masquerading	Anomaly
Windows AI Platform DNS Query	DNS	Anomaly
Windows Potential AppDomainManager Hijack Artifacts Creation	AppDomainManager	Anomaly
Windows Process Execution in Temp Dir	Create or Modify System Process, Match Legitimate Resource Name or Location	Anomaly
Windows Suspicious Process File Path	Create or Modify System Process, Match Legitimate Resource Name or Location	TTP

Data Sources

Name ▲▼	Platform ▲▼	Sourcetype ▲▼	Source ▲▼
CrowdStrike ProcessRollup2	Other	`crowdstrike:events:sensor`	`crowdstrike`
Sysmon EventID 1	Windows	`XmlWinEventLog`	`XmlWinEventLog:Microsoft-Windows-Sysmon/Operational`
Sysmon EventID 11	Windows	`XmlWinEventLog`	`XmlWinEventLog:Microsoft-Windows-Sysmon/Operational`
Sysmon EventID 22	Windows	`XmlWinEventLog`	`XmlWinEventLog:Microsoft-Windows-Sysmon/Operational`
Windows Event Log Security 4688	Windows	`XmlWinEventLog`	`XmlWinEventLog:Security`

References

https://www.microsoft.com/en-us/security/blog/2025/11/03/sesameop-novel-backdoor-uses-openai-assistants-api-for-command-and-control/

Source: GitHub | Version: 1