Tag: Neutrino Bot

Shadow Server Domains Leading to RIG Exploit Kit Dropping Smoke Loader. Downloaded Neutrino Bot (AKA Kasidet).
Brief History

These infection chains began from IOCs collected by Zain Gardezi over at FireEye. You can read the report HERE. The report contained a lot of IOCs, but the one that I want to highlight is the IP address 173.208.245.114. I was interested in this IP because the host using it was acting as a shadow server, hosting numerous ...