[2018-05-22] Slyip->RigEK->GandCrab

[Slyip Campaign]
http[:]//eurohosting.slyip.net/index.php?browser=ie&countryname=United+States
↓
[Slyip Campaign]
http[:]//eurohosting.slyip.net/index.php?browser=ie&countryname=United+States
↓
[Slyip Campaign]
http[:]//eurohosting.slyip.com/ee.php?browser=ie&countryname=United+States
↓
[RIG Exploit Kit][Landing Page]
http[:]//95.142.40.150/?NDI3NzI0&rHiljF&cZNdLlzpu=Zmx5&CrLpImFK=c3BvcnQ=&UfztclIAdlZhT=Zmx5&ItCWmMruEE=c3BvcnQ=&MEKzXMoxRDyeIB=c2Vh&fdsf2f=x3rQcvWfaRuPDojEM_jdSqFBMUvOGUeIwYqfn7DVF52ofzajz7CSEBzw6VmtSTvSgfBOKbZUIgCyiRqEOQY0mOFeEF5K8_6qkEKVzU6fwJ&oJSBbGz=Y2F0cw==&zthqBQkkDqzMr=c2hha2U=&RfnTjuhSnIUTh=Zmx5&taa1f4=Oy-RyONQlN_MaRFLU93F72nbJGdMIjxhWB7WBTxOlOVg8U5QlBn6nIEKXIrkV0VkZmVQXKe5ohpRnBAiS6Mml31_SLRAt2q-2K8rVw2ZQu&umahbAAiQbZ=bWF0Y2h1cA==&OXEnnYPNs=bWF0Y2h1cA==&AeobnfcmgpOyb=c3BvcnQ=
↓
[RIG Exploit Kit][SWF Payload]
http[:]//95.142.40.150/?NDM4NDU1&KybGZXSPE&taa1f4=ONQ5N_MaRFLI93F7xnbJGdMIkxhKB7WBTxOlOVg8U5QlBmKnIEKLIqUV0VkFmVQXKe50hpRnBAiS6Mml31_OLQz92mO3K8vF3mZMd1l2ogAx_aRw&WBWlPGaIACZLU=Zmx5&rQrWbncIkb=c2hha2U=&OTTBrksIhtWjb=c3BvcnQ=&WxIeHmDgmLlp=c2Vh&fdsf2f=x3rQdfWYaRyPCYjEM_jdTaFGMUzOGUePwYqfn7DVF5qoeDakz7eSEBz36VmtSTvVgfdOLrZUIgeyiRqEOQY0n-FeEF5K8_6tkEWVyk6fwJSy-Ry&tFpSSxOaxhdBw=c3BvcnQ=&gHWZPxUZaijDyza=bWF0Y2h1cA==&iAVjDnkCqpxJFc=c2hha2U=&AcacsaYcfUtpF=Y2F0cw==&dDzzEj=cmVzb3J0&wbKoThdTF=c3BvcnQ=&zPiXymEK=cmVzb3J0
↓
[RIG Exploit Kit][Malware Payload]
http[:]//95.142.40.150/?MjM2NjI3&HPPBQormObpzRFB&QwAKdLPpby=Zmx5&DarRuXli=bWF0Y2h1cA==&gEbnCtRdwlU=c3BvcnQ=&duRLtFEIaEM=c3BvcnQ=&ElGvocGi=c3BvcnQ=&taa1f4=I1VBl4T8aqt3EWHwBKdg5SD9RHeNA5BrZGSErI63V73m7IcJM8gwxXQu2UDmu4tUV4R4g4amarKJqKU7UNzZA&fdsf2f=xH3QMrLYbRzFFYbfKP_EUKZEMUvWA0KKwY2ZharVF5qxFDLGpbD1FxnspVmdCF6EmvdvdLYHIweh1UbASwFoy&wDLQqIZOSouZefK=cmVzb3J0&IXyjnyQT=c3BvcnQ=&uGZjhdj=c2hha2U=&dotFuOmtXuwhXr=c2hha2U=&UGkemq=Zmx5&AMnAqZHFDHW=c2hha2U=