elf.xdr33

xdr33


According to 360 netlab, this backdoor was derived from the leaked CIA Hive project. It propagates via a vulnerability in F5 and communicates using SSL with a forged Kaspersky certificate.

References
2023-01-10, 360 netlab, Alex Turing and Hui Wang: "Heads up! Xdr33, A Variant Of CIA’s HIVE Attack Kit Emerges". https://blog.netlab.360.com/headsup_xdr33_variant_of_ciahive_emeerges/ (accessed 2023-01-25)

There is no Yara-Signature yet.