Tag: 302 Cushioning


Traffic Distribution System is Funneling Traffic to RIG-v Exploit Kit

On November 28th of this year my host was redirected to a RIG-v exploit kit server; however, this time the redirect came from a suspicious-looking web page. This was somewhat unusual for me, as the majority of exploit kit infections that I deal with begin when a user visits a legitimate site. These vulnerable ...


302 Redirects from Traffic Distribution System Led to RIG-V EK at Dropped Downloader & “XKeyScore” Keylogger

IOCs:
GET /in/traf/ – 302 redirect via port 18001 (BossTDS port)
GET /boom/mix.php – 302 redirect via port 18001 (BossTDS port)
try.uludan.com – Rig-V EK (landing page, Flash exploit, and payload)
POST /faa38820fa/dd6c45917a/d23d3e97c0/chat.php – Base64 encoded data being POSTed back
GET /~mysuperp/crypt2_7038.exe – Additional malware downloaded
POST ...