2017-01-26 - Afraidgate Rig-V from 92.53.97.168 sends Godzilla Loader/Locky/something else

TRAFFIC

[Figure: Afraidgate redirect URL leading to a Rig-V landing page.]

[Figure: Traffic from the pcap filtered in Wireshark.]

ASSOCIATED DOMAINS:

- [information removed] - Compromised website
- 146.185.151.179 port 80 - misterin.pkitup.com - GET /watch.js - Afraidgate redirect
- 92.53.97.168 port 80 - upd.

Article Link: http://www.malware-traffic-analysis.net/2017/01/26/index.html