Rig Exploit Kit from 18.104.22.168 sends Bot [Updated]
Today I saw a Flash exploit which appears to be sending Bot malware. So far I have been unable to complete the infection chain, but I did capture the payload and associated traffic. I am unable to classify which Flash exploit kit this is.
The Emerging Threats rule set is identifying the Flash exploit as the Rig Exploit Kit.
- 22.214.171.124 – talleresruiz.com – Redirect to LANDING PAGE
- 126.96.36.199 – fe.wildwood-suites.com – GET /?xH6 – Rig EK LANDING PAGE
IMAGES and DETAILS:
MALICIOUS PAYLOAD FROM EXPLOIT: