Tag: Miner

Rulan Campaign Redirects to RIG EK at 188.225.33.43 and Drops a Miner

Watcha know about Mining!? Today I was doing some digging (no pun intended) into numerous domains used during recent malvertising redirection chains. These domains appear to be related to a campaign dubbed “Rulan”. Let’s start off by showing the redirection chain: As you can see from the TCP streams there are a lot of 302 ...

Campaign Leads to RIG EK and Fake Flash Player Update Site. RIG Drops URLZone and Fake Flash Player Update Drops a Miner.

On 08/02/17 I used the domain www2[.]davidhelpling[.]org to redirect my host to a RIG EK landing page located at 188.225.79.139. RIG ended up dropping URLZone, which is a banking Trojan first discovered in 2009. More recently URLZone has been seen targeting Japan via malspam campaigns. You can read more about URLZone at the link below, as ...