Rig Exploit Kit from 126.96.36.199 sends Bot [Updated]
Today I saw a Flash Exploit which appears to be sending Bot malware. At present I was unable to complete the infection chain but did capture payload and associated traffic. I am unable to classify as to which flash exploit kit.
Emerging Threats rules set is identifying the flash exploit as the Rig Exploit Kit.
- 188.8.131.52 – talleresruiz.com – Redirect to LANDING PAGE
- 184.108.40.206 – fe.wildwood-suites.com – GET /?xH6 – Rig EK LANDING PAGE
IMAGES and DETAILS:
MALICIOUS PAYLOAD FROM EXPLOIT: