
Minerva Labs Blog

Rig Exploit Kit Resurges - Minerva Prevents The Attack

The Minerva Labs Research team has recently encountered a resurgence of the Rig exploit kit. This infamous exploit kit has reportedly been used by threat actors since 2015 (as reported by Trustwave). Our encounter involved an unknown vulnerability in Internet Explorer (version 11.00.9600.19178), which is exploited to execute malicious commands on the target machine.

The command drops a JavaScript file to disk, which is then executed by a wscript process. The C2 address supplied on the command line is contacted to download the final payload, which in a similar case posted by BroadAnalysis was Sodinokibi ransomware.
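One way to detect the chain described above in process-creation telemetry, added here as an example and not Minerva's code: it flags a wscript/cscript process whose command line carries both a script file and a URL, and records whether Internet Explorer is an ancestor. The event fields, the sample events and the intermediate cmd.exe step are constructed assumptions; the caret stripping reflects the `^&` sequences in the C2 URL listed under IOCs, which match cmd.exe escaping.

```python
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
BROWSERS = {"iexplore.exe"}
URL_RE = re.compile(r"https?://[^\s\"']+", re.I)
SCRIPT_RE = re.compile(r"[^\s\"']+\.(?:js|jse|vbs|vbe|wsf)\b", re.I)

def normalize(cmdline):
    """Remove cmd.exe caret escapes (as in the '^&' sequences of the IOC URL)."""
    return cmdline.replace("^", "")

def has_browser_ancestor(event, by_pid):
    """Walk parent links (hypothetical 'ppid' field) looking for a browser."""
    seen, pid = set(), event["ppid"]
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        parent = by_pid[pid]
        if parent["image"].lower() in BROWSERS:
            return True
        pid = parent["ppid"]
    return False

def detect(events):
    """Alert on script hosts started with a script file plus a URL argument."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if e["image"].lower() not in SCRIPT_HOSTS:
            continue
        cmd = normalize(e["cmdline"])
        script, url = SCRIPT_RE.search(cmd), URL_RE.search(cmd)
        if script and url:
            alerts.append({"pid": e["pid"], "script": script.group(0),
                           "url": url.group(0),
                           "from_browser": has_browser_ancestor(e, by_pid)})
    return alerts

# Constructed sample events (not from the page); 198.51.100.7 is a documentation address.
EVENTS = [
    {"pid": 100, "ppid": 1, "image": "iexplore.exe", "cmdline": "iexplore.exe"},
    {"pid": 200, "ppid": 100, "image": "cmd.exe", "cmdline": "cmd.exe /c (constructed placeholder)"},
    {"pid": 300, "ppid": 200, "image": "wscript.exe",
     "cmdline": "wscript.exe C:\\Users\\u\\AppData\\Local\\Temp\\x.js http://198.51.100.7/?a=1^&b=2"},
    {"pid": 400, "ppid": 1, "image": "wscript.exe", "cmdline": "wscript.exe C:\\scripts\\logon.vbs"},
]

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The benign logon script (pid 400) is not flagged because it has no URL argument; the `from_browser` field lets an analyst prioritise script hosts that descend from the browser.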


Minerva prevents Rig Exploit Kit with our Living Off the Land protection, hiding key operating system features from attackers.

IOCs:

C2:

http://116[.]202[.]177[.]131/?MjU2ODM2^&bOwWDvmg^&obyvan4=wnzQMvXcLBXQFYPCJPPcTKZEM1HRH0SD2YuYnLG3YpzNZGX_0vHDfF_yrwrcCl6JtcMoL^&KRiLAWVF=why^&OojPmAB=twix^&OwM=why^&PZlbwDcf=bobs^&XaeCCeiPN=pinny^&shufflet4=OBXaQHjjEbWewc1ldoMUVsX962t2hDVyxeeg8TU_kaKMlhGrpSSJLI40F_zzYFJMMgl9w^&QKelWLRtH=street^&sZb=cars^&oaCImbZvB=why^&yfmWexqE=street^&JehFhNJ=why^&vSjmTv=twix^&kXa=community^&naeMjM5NDA5

Hashes:

b948f0114e6cecd076a891f0961cd96441309d210e8ba16dd48014b24690895d

(the JavaScript file)

If you've been the victim of an exploit kit attack, or you'd like to learn more about how to prevent ransomware attacks, please contact us.
