Tag: Rig-E


The University of South Florida: Subdomain Injected with EITest Script That Points to Both Rig-V and Rig-E EK. Dropped CryptoMix (CryptFile2) Ransomware.

IOCs:

131.247.120.45 – etc.usf.edu – Compromised subdomain on usf.edu
217.107.37.39 – red.wellnesswatchersmd.net – Rig-V EK
93.115.38.112 – d4sna.rithiperdien.top – Rig-E EK
5.39.84.236 – GET /validator_os/master_valid_os/ms_statistic_os_key.php?info=SCmvxag30Y35DIy7JTzxsJSTLJzUe67VbrPhiiCr4iIe
5.39.84.236 – POST /validator_os/master_valid_os/microsoft_osINFO.php – POSTs files to webserver

Traffic:

Hashes:

SHA256: 36fecf334a7be0e9c33c7a745c09e5daf775438e4018cc7de26e5d056ff9ec0f
File name: RigV UA check page.html

SHA256: ef89449250ff7e297300bd1bf1c5ca1c4de691b8d23727e481b24121985f69ad
File name: RigV Landing Page.html

SHA256: 65e938972896e4ffb6c4de3f8314e1a2acd8da5f86fee94f34d35a5d334723e6
File name: ...