The use of exploit kits has generally been declining over the past two years, however FireEye has recently observed in March active development of the RIG EK capable of delivering a trojan named Grobios, a type of malware.
Victims are first redirected to a compromised domain with an embedded malicious iframe which then redirects to the RIG EK landing page which loads a malicious Flash file. When the Flash file is executed, it drops the Grobios trojan onto the host and subsequently uses various techniques to evade detection and gain persistence.
The techniques used for evasion/persistence include masquerading as legitimate software and detecting VM & malware analysis tools. After detection evasion and persistence is achieved, network communication is established to hardcoded IPs point towards their respective C&C servers awaiting further instruction.
Proficio Threat Intelligence Recommendations:
- Ensure network nodes are fully patched to minimize attack surface
General Info – Click Here