Versions (3)
Version DetailsCurrent
Rev: 1 • Jan 10, 2023, 12:00 PMET MALWARE XDR33 CnC Server SSL Certificate Observed
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE XDR33 CnC Server SSL Certificate Observed"; flow:established,to_client; tls.cert_subject; content:"C=RU, O=Kaspersky Laboratory, CN=Engineering, CN=server33, ST=Moscow, L=Moscow, OU=IT"; reference:url,blog.netlab.360.com/headsup_xdr33_variant_of_ciahive_emeerges/; classtype:trojan-activity; sid:2043263; rev:1; metadata:affected_product Any, attack_target Client_and_Server, created_at 2023_01_10, deployment Perimeter, performance_impact Low, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_01_10;)
Jan 10, 2023, 12:00 PM
Jan 10, 2023, 12:00 PM
Jan 10, 2023, 11:00 PM
Aug 26, 2025, 9:34 PM
rules/emerging-malware.rules