RIG Exploit Kit: In-depth Analysis
RIG EK is a financially-motivated program that has been active since 2014. Although it has yet to substantially change its exploits in its more recent activity, the type and version of the malware the threat actors distribute constantly change. The frequency of updating samples ranges from weekly to daily updates.
This report aims to provide insight into how RIG EK operates, what kinds of malware it distributes, and how the distribution happens.
The PTI team has identified and gained visibility of the infrastructure of RKIT, which revealed threat actors’ inner workings and their identities.