Executive summary
AT&T Alien Labs® Open Threat Exchange® (OTX) recently created a pulse for a new threat titled the RIG Exploit Kit, which had been observed distributing ransomware to victim companies across a variety of industry verticals. This exploit kit was discovered by BroadAnalysis, who outlined its intricacies in a whitepaper released December 2, 2019. BroadAnalysis provided a step-by-step explanation of the exploit's lifecycle, including all indicators of compromise (IOCs). Using the pulses created in OTX and threat intelligence from Alien Labs, AT&T's Security Operations Center (SOC) was able to identify the initial behaviors of this threat and work in concert with the customer's staff to mitigate the ongoing activity.
Investigation
Initial alarm review
Indicators of Compromise (IOCs)
The initial alarm surfaced as the result of a Domain Name System (DNS) request to the OTX…
Posted by: Andrew Lukosevic
The post "Stories from the SOC - RIG Exploit Kit" appeared first on Cybersecurity Insiders.
March 30, 2020 at 09:09PM