Overview
Risk patterns
Patterns found in the case record and its linked vulnerabilities.
- Dominant ATLAS tactic: Command and Control appears in 1 case step.
Procedure timeline
- Step 1: Command and Control (AI Service API)
The threat actor abused the OpenAI Assistants API to relay commands to the SesameOp malware, which executed them on the victim system and sent the results back to the threat actor via the same channel. Both commands and results are encrypted. SesameOp covered its tracks by deleting the Assistants and Messages it created and used for communication.
Mitigations
Defenses connected to the attack methods in this case.
Sources
Original public records and references for this case.
Open the MITRE ATLAS data and public references used for this case study.