RIG-v from sends Cerber Ransomware

Posted in ransomware, exploitkit

Domains: - Compromised site - RIG-v Cerber Checkin Cerber Checkin Cerber Checkin


Image: Evil Redirector

Image: RIG-v & Cerber Traffic

Network Signatures:
[1:2022962:3] ET CURRENT_EVENTS Evil Redirector Leading to EK Jul 12 2016
[1:2023401:3] ET CURRENT_EVENTS RIG EK URI struct Oct 24 2016 (RIG-v)
[1:2023196:2] ET CURRENT_EVENTS RIG EK Landing Sep 12 2016 T2
[1:2014726:88] ET POLICY Outdated Windows Flash Version IE
[1:2816808:2] ETPRO CURRENT_EVENTS RIG EK Flash Exploit Mar 29 2016
[1:2820989:3] ETPRO CURRENT_EVENTS RIG/Sundown/Xer EK Payload Jul 06 2016 M2
[1:2023453:5] ET TROJAN Ransomware/Cerber Checkin 2
[1:2816764:3] ETPRO TROJAN Ransomware/Cerber Checkin Error ICMP Response

Image: Exploit and Cerber execution

File Hashes:

Detection ratio: 4 / 54

MD5: 7bebf4ba3379681524938ef93cf7f3bc
SHA1: 39cc64f47f9f005f437360ff74fa9c2b8d6d5673
SHA256: 83f623627fc0d87a588bc3b4ab5090caf959cef4c6035226d710375c09ef499f
File type: Flash


associated files:
