New backdoor based on HIVE project in the wild
released on 2023-01-09 @ 09:51:13 AM
Last October, a honeypot system captured a suspicious ELF file that was propagated through the F5 vulnerability and detected by VirusTotal. After analysis, the researchers discovered that the sample was based on the source code of the CIA's HIVE project. Based on the CN, the sample has been named xdr33. This malware is a backdoor Trojan derived from the CIA HIVE project; its main purpose is to collect sensitive information and provide a foothold for subsequent intrusions.