The Rig Exploit Kit searches for security holes in its victims’ browsers, such as unpatched Flash and Java plugins. It then exploits those holes to compromise their systems and deliver a malicious payload. We block them every day at Cisco Umbrella. This blog post explores a graph for freepps[.]top, a recently blocked Rig Exploit Kit domain, walking you through interesting findings as we go deeper into a graph of related domains, hashes, and IPs. Each depth level of the graph features an interactive snapshot of the graph at that depth, so you can explore the structure for yourself.
You can explore the graph by scrolling, dragging, hovering, and clicking around the data visualization. Start by clicking the ‘Depth’ buttons and follow along in the narrative below.