2016-12-20 - TDS-based Rig-V from 195.133.201.250 sends Terdot.A/Zloader

campaign. Rig standard uses new URL patterns introduced by Rig-V, but old obfuscation (ASCII string to XOR the payload binary). I haven’t seen this one in a while.

MORE ABOUT TDS: TDS is an acronym for “Traffic Direction System” or “Traffic Distribution System.”

Article Link: http://www.malware-traffic-analysis.net/2016/12/20/index.html