2017-01-27 - MORE AFRAIDGATE RIG-V

ASSOCIATED FILES:

BACKGROUND ON RIG EXPLOIT KIT:

BACKGROUND ON THE AFRAIDGATE CAMPAIGN:

OTHER NOTES:


Shown above:  Flowchart for this infection traffic.


TRAFFIC


Shown above:  The first time I checked piatti.com, the infection chain only got as far as the Godzilla loader.



Shown above:  The second time I checked, the infection chain gave me Madness DDoS botnet malware instead.



Shown above:  The third time I tried for an Afraidgate infection, I got the same type of infection chain as yesterday.


COMPROMISED WEBSITES:

AFRAIDGATE REDIRECT URLS:

RIG-V DOMAINS:

POST-INFECTION TRAFFIC:


FILE HASHES

RIG-V FLASH EXPLOITS:


RIG-V PAYLOADS FROM THE AFRAIDGATE CAMPAIGN:

FOLLOW-UP MALWARE:


FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.