TRAFFIC. Shown above: Injected script in page from compromised site leading to Afraidgate URL. Shown above: Afraidgate URL returns script leading to a Rig EK landing page. Shown above: Traffic from the pcap filtered in Wireshark. ASSOCIATED DOMAINS: [information removed] Compromised website; 192.241.
Article Link: http://www.malware-traffic-analysis.net/2017/02/06/index3.html