Category Archives: Rig Exploit Kit

RIG EK Web Exploit Kit Exploiting Vulnerable FLASH x-flash-version: 11,8,800,94 Traffic Sample

2015-02-06 12:17:55.655135 IP 192.168.138.158.49166 > 46.182.30.163.80: Flags [P.], seq 1:609, ack 1, win 64240, length 608
E….3@…^…………P.. .|.}3P…….GET /?PHPSSESID=njrMNruDMhvJFIPGKuXDSKVbM07PThnJkuHbwvnPVsbu|MzE1MWY4MjZhOTZhYTU4NDAwNDhmZjQ4ZjQwNTI0NDU HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center…

RIG Exploit Kit Malware Traffic Sample Vector

2015-02-06 12:17:55.655135 IP 192.168.138.158.49166 > 46.182.30.163.80: Flags [P.], seq 1:609, ack 1, win 64240, length 608
E….3@…^…………P.. .|.}3P…….GET /?PHPSSESID=njrMNruDMhvJFIPGKuXDSKVbM07PThnJkuHbwvnPVsbu|MzE1MWY4MjZhOTZhYTU4NDAwNDhmZjQ4ZjQwNTI0NDU HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center…
