The University of South Florida: Subdomain Injected with EITest Script That Points to Both Rig-V and Rig-E EK. Dropped CryptoMix (CryptFile2) Ransomware.

IOCs: 131.247.120.45 – etc.usf.edu – Compromised subdomain on usf.edu 217.107.37.39 – red.wellnesswatchersmd.net – Rig-V EK 93.115.38.112 – d4sna.rithiperdien.top – Rig-E EK 5.39.84.236 – GET /validator_os/master_valid_os/ms_statistic_os_key.php?info=SCmvxag30Y35DIy7JTzxsJSTLJzUe67VbrPhiiCr4iIe

1 2