While investigating a popular class of exploits, RSA Research detected a common thread running through multiple campaigns. Continued research led to the identification of a massive domain-shadowing operation underpinning numerous campaigns and a significant cross-section of criminal infrastructure. Join the RSA Research team as they discuss what they discovered and how they discovered it.
Title: Threat Hunting in Action: Shadowfall
Date: 28 Jun 2017
Duration: 1 hr
Threat Analysis Lead
Technical Analysis Lead
In June 2017, RSA Research embarked on a cross-organizational effort against RIG Exploit Kit (RIG EK or just plain RIG), which led to insight into the operational infrastructure (and possibly the entire ecosystem), as well as significant discoveries related to domain shadowing.