![\"RIG](\"https:\/\/www.malwarebytes.com\/blog\/threat-intelligence\/2023\/08\/easset_upload_file12229_276004_e.png\")
<\/p>\nThe year is 2023 and there still are some people using Internet Explorer on planet Earth. More shocking perhaps, is the fact there are still threat actors maintaining exploit kit infrastructure and dropping new malware.<\/p>\n
In this quick blog post, we review two well-known toolkits from the past, namely RIG EK and PurpleFox EK with the latest traffic captures we were able to collect.<\/p>\n
The RIG exploit kit continues to be used by a single threat actor that leverages adult traffic schemes. In this latest instance, it dropped the Lumma Stealer.<\/p>\n
<\/p>\n
PurpleFox is more than just an exploit kit, it is a complete framework with rootkit capabilities. The exploit kit is one of the delivery mechanisms for the PurpleFox malware.<\/p>\n
![\"PurpleFox](\"https:\/\/www.malwarebytes.com\/blog\/threat-intelligence\/2023\/08\/easset_upload_file59478_276004_e.png\")
<\/p>\n
Thank you to researchers at First Watch Security<\/a> for providing information on this attack chain.<\/p>\n Even after all these years, Malwarebytes continues to protect agains these exploit kits targeting vulnerabilities in Internet Explorer, the browser no longer supported by Microsoft<\/a>.<\/p>\n RIG EK<\/strong><\/p>\n Lumma Stealer payloadd<\/strong><\/p>\n Lumma Stealer C2<\/strong><\/p>\n PurpleFox EK<\/strong><\/p>\n Payload<\/strong><\/p>\n https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"Protection<\/h2>\n
![\"MBAE\"](\"https:\/\/www.malwarebytes.com\/blog\/threat-intelligence\/2023\/08\/easset_upload_file16676_276004_e.png\")
<\/p>\nIndicators of Compromise<\/h2>\n
adsgoandway[.]xyz
45.138.27[.]52<\/pre>\n07e06e8277980a60e595da9cd9e03a4ecd2e8f8bdbd3cf5c930ab878ac5b0836<\/pre>\n
solopodvip-my[.]xyz<\/pre>\n
oernatel[.]shop
uabeoee.otvidluioad[.]online
via0[.]com<\/pre>\nf627070c4cbb03556896601870cf575b1c8f47b062fdfef5c3516ff5a07db40c<\/pre>\n