Been an interesting few weeks and I haven't been able to update, but the other researchers appear to have found a few interesting things. I thought I would blog this in case anyone wants a pcap to look at.
I actually found this through my normal malvertising route. After some pondering and outside assistance, the payload was determined to be Smoke Loader leading to a Miner and the AZORult stealer. It's an interesting sample! Thanks to @James_inthe_box for looking into it deeper.
- A few articles on Rig exploit kit and its evolution:
(in password-protected zip)
- 13-October-2017-Rig-Miner-PCAP -> pcap of traffic
- 13-October-2017-Rig-Miner-CSV -> CSV of traffic for IOCs
- 13-October-2017-Rig-Miner -> Smoke Loader – 60489385b91478d36e4d027e70d662a861f305cc5d4bdce20f312ac1c7c2f126
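Since the Smoke Loader sample ships with a published SHA256, a quick way to confirm you extracted the right file from the zip is to hash everything in the extracted directory and look for the match. This is an added example, not code from the original post; the hash constant is the one listed above, and the directory name passed on the command line is an assumption.

```python
"""Verify files extracted from the zip against the SHA256 published in the post.

Added example, not from the original post. The hash below is the one the post
lists for the Smoke Loader sample; the directory argument is whatever you
extracted the password-protected zip into (an assumption).
"""
import hashlib
from pathlib import Path

# SHA256 published in the post for 13-October-2017-Rig-Miner (Smoke Loader).
SMOKE_LOADER_SHA256 = "60489385b91478d36e4d027e70d662a861f305cc5d4bdce20f312ac1c7c2f126"


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file through SHA256 so a large pcap never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def find_matching_files(directory, expected_sha256):
    """Return sorted paths under `directory` whose SHA256 equals expected_sha256.

    Comparison is case-insensitive because published hashes are often upper-case.
    """
    expected = expected_sha256.lower()
    return sorted(
        str(p)
        for p in Path(directory).rglob("*")
        if p.is_file() and sha256_of_file(p) == expected
    )


if __name__ == "__main__":
    import sys

    # Usage: python verify_sample.py <extracted_zip_dir>
    target_dir = sys.argv[1] if len(sys.argv) > 1 else "."
    matches = find_matching_files(target_dir, SMOKE_LOADER_SHA256)
    if matches:
        for m in matches:
            print("match:", m)
    else:
        print("no file under", target_dir, "matches the published hash")
```

Run it against the extracted directory; a hit confirms the Smoke Loader binary is the one the post describes, and no hit means you are looking at a different (or modified) file and should not trust the IOCs in the CSV to apply to it.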
Details of infection chain:
| Field | Value |
| --- | --- |
| File name | Asus Gaming.exe |
| File size | 270.5 KB |