In February 2021, we identified a new RIG Exploit Kit campaign exploiting VBScript vulnerabilities CVE-2019-0752 and CVE-2018-8174 in unpatched Internet Explorer browsers.
We managed to reproduce several instances in our lab and were curious what malware it delivers. We found out it looks like WastedLocker minus the ransomware functionality, which is probably downloaded from the C&C servers.
Because it works like a loader for the downloaded payload, we will name it WastedLoader.In this article, we analyze RIG EK’s landing page and exploits, and the WastedLoader malware.
We managed to reproduce several instances in our lab and were curious what malware it delivers. We found out it looks like WastedLocker minus the ransomware functionality, which is probably downloaded from the C&C servers.
Because it works like a loader for the downloaded payload, we will name it WastedLoader.In this article, we analyze RIG EK’s landing page and exploits, and the WastedLoader malware.