Home

Awesome

Rig-Exploit-for-CVE-2018-8174

Rig Exploit for CVE-2018-8174 As with its previous campaigns, Rig’s Seamless campaign uses malvertising. In this case, the malvertisements have a hidden iframe that redirects victims to Rig’s landing page, which includes an exploit for CVE-2018-8174 and shellcode. This enables remote code execution of the shellcode obfuscated in the landing page. After successful exploitation, a second-stage downloader is retrieved, which appears to be a variant of SmokeLoader due to the URL. It would then download the final payload, a Monero miner.