07 July 2017

RIG Exploit Kit’s pre-landing page is still the same

Written by Pradeep Kulkarni

Exploit kits are dynamic in nature, particularly in their delivery mechanism. The content of their landing pages is obfuscated and changed frequently in order to evade security software. The RIG Exploit Kit, however, has a different story to tell. This kit delivers a pre-landing page before loading the final landing page on the victim’s machine, and we have observed that this page hasn’t changed since December 2016, which is a surprising fact!

A typical infection chain of a RIG Exploit Kit containing pre-landing pages looks like this.

Fig 1. RIG Exploit Kit Infection chain

Let’s take a look at one such pre-landing page.

Pre-Landing Page

Fig 2. RIG Exploit Kit Pre-Landing Page

The pre-landing page contains the URL of the RIG Exploit Kit landing page, which it loads in order to exploit vulnerabilities in the browser on the victim’s computer.

RIG Exploit Kit Landing Page URL

http://acc[.]dognametags[.]org/?ie=UTF-16&sourceid=yandex&es_sm=104&q=znrQMvXcJwDQDoPGMvrESLtEMUnQA0KK2OH_766yEoH9JHT1vrPUSkrtt&aqs=yandex.120c96.406f0r4&oq=gWCel6CoPcuL7sBOwHhjUKILwJhno9cU19CpayqiUaDyR6Y1sLX-By9UTo

The pre-landing page first calls a function named ‘getBrowser’ to determine the browser version and checks whether the browser is vulnerable. Once a vulnerable browser is found, it sends a POST request to the RIG Exploit Kit landing page URL shown above.

Fig 3. Browser version check and POST request to Landing Page URL

The above structure of the pre-landing page has not changed in the last six months.
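A request-side check for the behaviour described above, as an added example that is not from the original post: it flags proxy log entries where a POST carries the same query parameter names as the landing page URL quoted earlier. The log format, the function names and the benign sample lines are constructed for illustration, and it is an assumption that other landing page URLs reuse these parameter names.

```python
from urllib.parse import parse_qs, urlsplit

# Query parameter names present in the landing page URL quoted in the post.
RIG_PARAM_NAMES = {"ie", "sourceid", "es_sm", "q", "aqs", "oq"}

# Landing page URL as quoted (defanged) in the post.
PAGE_URL = ("http://acc[.]dognametags[.]org/?ie=UTF-16&sourceid=yandex&es_sm=104"
            "&q=znrQMvXcJwDQDoPGMvrESLtEMUnQA0KK2OH_766yEoH9JHT1vrPUSkrtt"
            "&aqs=yandex.120c96.406f0r4"
            "&oq=gWCel6CoPcuL7sBOwHhjUKILwJhno9cU19CpayqiUaDyR6Y1sLX-By9UTo")

# Constructed proxy log lines in an assumed "client method url" format.
SAMPLE_LOG = [
    "10.0.0.5 POST " + PAGE_URL,
    "10.0.0.7 GET http://search.example/?ie=UTF-8&sourceid=chrome&es_sm=93"
    "&q=tags&aqs=chrome.0&oq=tags",
    "10.0.0.9 POST http://intranet.example/login?next=/home",
    "truncated-line",
]


def refang(url):
    """Undo '[.]' defanging so the URL can be parsed."""
    return url.replace("[.]", ".")


def is_rig_landing_request(method, url):
    """Heuristic: a POST whose query string has the shape of the post's URL.

    Search-style parameters are normal on GET requests, so the POST method
    described in the post is what separates the two cases here.
    """
    if method.upper() != "POST":
        return False
    params = parse_qs(urlsplit(refang(url)).query, keep_blank_values=True)
    return RIG_PARAM_NAMES.issubset(params)


def scan_proxy_log(lines):
    """Return (client, host) for every log line matching the heuristic."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed or truncated lines
        client, method, url = fields
        if is_rig_landing_request(method, url):
            hits.append((client, urlsplit(refang(url)).hostname))
    return hits


if __name__ == "__main__":
    print(scan_proxy_log(SAMPLE_LOG))
```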

Hit Trend

Fig 4. Detection Hit Trend

Indicators of Compromise


In this constantly evolving threat landscape, the RIG Exploit Kit does not seem to be bothered by its predictability and continues to deliver through well-known mechanisms. We advise our users to stay up to date with the latest updates released by Seqrite.
