APT_CIA_LNX_Xdr33_HIVE_Kit_Jan23_1

Rule Info

Name
APT_CIA_LNX_Xdr33_HIVE_Kit_Jan23_1
Author
Florian Roth
Description
Detects Xdr33 a variant of CIA's HIVE attack kit
Score
80
Reference
https://blog.netlab.360.com/headsup_xdr33_variant_of_ciahive_emeerges/
Date
2023-01-10
Minimum Yara
1.7
Rule Hash
963465d400e54e1c37278f199c17dee8
Tags
['LINUX', 'APT']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/apt_cia_lnx_xdr33_hive_kit_jan23_1/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
17
Suspicious (< 10 engines)
5
Clean (0 engines)
0

Rule Matches

Timestamp
Positives
Total
Hash
VT
2025-09-26 21:58:58
4
66
61d06d653e7018f889e075f470f83ab54beebe1b06356497a41cebc2a9775473
2025-03-06 06:11:02
27
64
7ad21980adb508245fd4c7f70f64872dd9cba68781a949570e53280f815e5dc5
2025-01-01 15:56:10
2
64
0e2aeb9b2f0e0ba891cda89feeb22e15b6c1ffae6f8ada5aab9ef585972440b9
2024-06-11 12:33:03
33
67
34b6e852569a7f49d9a543a2a4d2fadce589b6d42e792f8493033767e51c4d9c
2024-03-11 23:09:40
12
64
a1b5874404d2201254e6aa451246d187a577bae7a64599469dd4240afc188669
2023-12-23 01:19:18
27
63
115eb4c0803c579ad4ba91e595583013ba473b7030e8d02b07b278872d21510b
2023-12-19 02:16:02
32
63
f01b91aef01d4e3023186a544ef8681b9cd681c579c5e5c2c61d50afd3d6cf67
2023-11-30 01:33:54
30
63
1b23af4f7e36a3c3f35b7d50f8775459e0bd33a06b9228c5feb88d6831b94d11
2023-11-24 10:01:10
34
63
2deb748f16edab46b6101d5591adea9ed553dc5487e575173f3b8d195212141b
2023-11-23 08:47:37
33
63
3946e51a21fd59c281f429deaa053cea86017308b848c8e7b386cb384002ff90
2023-11-23 01:23:42
27
57
578a00a227744fea1008f03b3e0ede5ac606019973f5ba0c120df533b356c340
2023-10-04 14:16:02
27
63
b6109fd1e4f4fbc63f9b06ebe0cbf0f9ccbc950c088126aaa954f4700c155757
2023-10-04 14:10:02
26
63
7839e97152361b14fb46ebd39d81e7a8ae69f6c8e34120db4d9d95438aabc554
2023-07-12 00:01:25
17
58
a446952c058a31aef3ecce25bd8f7a9f115d2a47274b151ff5423fd6f31bd2d8
2023-07-08 18:35:03
8
61
4c17dccd7a47d195a6cdd9374119415a0ea561a3e9c19dc2622325a589b78676
2023-04-09 16:10:44
4
62
c269c5b39d8684b5650aaadacfb40ed6fbcb1c26b910f54c1fb09429e90cf55d
2023-03-17 11:47:35
29
62
6f74c13521558b50c6dd0801b5611ca2ac7d2751890246afa27b478928a8546b
2023-03-17 05:49:49
3
62
beb0ebe575e24ef55964c7497646b0290768069b81bb81b50ad4be023c3fe0c6
2023-02-01 13:24:03
15
59
c3d3e9246cbd8c7ab9d52f37465277aead6010c3f145903919f2d34a31650ac4
2023-01-18 19:06:09
28
62
0264f56c0bd182a8f3723cbe7defe7dbe0f4d054978bb76796d878d058dcd1c1
2023-01-11 22:22:16
26
62
f78075951f0272020ca33fee78c3cf9007a0db1842af5cd0eeab518ccc915b16
2023-01-11 22:22:06
22
63
d7b72049a7ec324c2050d9dffd615c0d1e7752e384b9e6cb838e9e026fe7771f

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022