According to 360 netlab, this backdoor was derived from the leaked CIA Hive project. It propagates via a vulnerability in F5 and communicates using SSL with a forged Kaspersky certificate.
2023-01-10 ⋅ 360 netlab ⋅ Heads up! Xdr33, A Variant Of CIA’s HIVE Attack Kit Emerges
There is no Yara-Signature yet.