{"id":718,"date":"2018-05-16T11:19:39","date_gmt":"2018-05-16T11:19:39","guid":{"rendered":"https:\/\/kasperskycontenthub.com\/threatpost\/?p=132010"},"modified":"2018-05-16T11:19:39","modified_gmt":"2018-05-16T11:19:39","slug":"rig-ek-still-makes-waves-this-time-with-a-stealthy-backdoor","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/rig-ek-still-makes-waves-this-time-with-a-stealthy-backdoor\/","title":{"rendered":"RIG EK Still Makes Waves, This Time with a Stealthy Backdoor"},"content":{"rendered":"<div class=\"media_block\"><\/div>\n<div><img decoding=\"async\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/31\/2018\/05\/15174329\/rig-ek.jpg\" class=\"ff-og-image-inserted\"\/><\/div>\n<p>Exploit kit activity has been declining since the latter half of 2016, but the RIG EK seems to buck the trend. It\u2019s been involved in ongoing activity involving a wide range of crimeware payloads; and the latest campaign saw RIG dropping the Grobios malware, which is tailored to be a really stealthy backdoor.<\/p>\n<p>The campaign was first seen in March by FireEye Labs, redirecting victims (mainly in the U.S.) to a compromised domain with a malicious iframe injected into it. That iframe in turn loads a malvertisement domain, which communicates over SSL and leads to the RIG EK landing page. RIG then loads a malicious Flash file that drops the Grobios trojan.<\/p>\n<p>The trojan\u2019s main hallmark is an impressive arsenal of evasion and anti-sandbox techniques, according to FireEye researchers. It also uses multiple anti-debugging, anti-analysis and anti-VM techniques to hide its behavior and C2 traffic.<\/p>\n<p>\u201cThe main purpose of Grobios malware is to help attacker establish a strong foothold in the system by employing various kinds of evasions and anti-VM techniques,\u201d Ali Islam, director of FireEye, told Threatpost. 
\u201cOnce a strong foothold is established, an attacker can drop a payload of his\/her choice, which can be anything from an infostealer to ransomware, etc.\u201d<\/p>\n<p>FireEye researchers said in an <a href=\"https:\/\/www.fireeye.com\/blog\/threat-research\/2018\/05\/deep-dive-into-rig-exploit-kit-delivering-grobios-trojan.html\">analysis<\/a> on Monday that Grobios\u2019 efforts to evade detection are a grab-bag of tactics: The authors have packed the sample with PECompact 2.xx, for one. Also, the unpacked sample has no function entries in the import table; it uses API hashing to obfuscate the names of API functions it calls; it parses the PE header of the DLL files to match the name of a function to its hash; and the malware uses stack strings.<\/p>\n<p>Also, just before connecting to the C2 server, the malware does a series of checks to detect virtual machines and malware analysis environments. It can detect almost all well-known VM software, including Xen, QEMU, VMware, VirtualBox, Hyper-V and so on, according to FireEye, and compares the machine against a list of hashes of blacklisted driver names.<\/p>\n<p>For persistence, Grobios gets very aggressive: It drops a copy of itself into an application folder, masquerading as a version of legitimate software installed on the victim machine. It then creates an Autorun registry key and a shortcut in the Windows Startup folder. From there, it drops multiple copies of itself in subfolders of a legitimate program, again masquerading as different versions of installed programs, and sets an Autorun registry key or creates a scheduled task.<\/p>\n<p>The persistence increases the danger of the campaign, because it allows Grobios to lie in wait until its operators are ready to send additional payload drops.<\/p>\n<p>In general, the campaign is interesting given that exploit kits <a href=\"https:\/\/threatpost.com\/where-have-all-the-exploit-kits-gone\/124241\/\">have waned in usage<\/a>. 
This is largely because systems are becoming less vulnerable, according to Zain Gardezi, FireEye vulnerability researcher. Users are using a wider variety of browsers and are often disabling Flash, making it harder to infect customers with old patched exploits and lessening the threat surface for those wielding EKs.<\/p>\n<p>\u201cMore and more users are shifting towards more secure browsers, and Flash support is slowly dwindling over time as well,\u201d Gardezi said in an interview. \u201cDue to this, cybercriminals are investing in zero-day discoveries that are usable in drive-by attacks rather than [old vulnerabilities and] just simple social engineering campaigns where they have to trust human psychology doing their work for them.\u201d<\/p>\n<p>However, he added that the RIG EK manages to remain quite attractive to attackers that make \u201cspray and pray\u201d tactics their <em>modus operandi<\/em>, because it\u2019s a generalist with wide appeal.<\/p>\n<p>\u201c[RIG] is usually never the pioneer to add zero-day exploits, and it only follows after other EKs have already incorporated them,\u201d Gardezi explained. \u201cRIG is mainly used by multiple actors that mostly rely on throwing out malvertisements in hopes of infecting as many users as possible. RIG has always been the EK with wider variety of campaigns, in terms of quantity of propagation as well as crimeware variety.\u201d<\/p>\n<p>The moral of the story is that EKs continue to put users at risk \u2013 especially those running older versions of software. 
Enterprises, as always, should make sure their network nodes are fully patched in order to avoid falling victim to this basic threat.<\/p>\n<p> READ MORE <a href=\"https:\/\/threatpost.com\/rig-ek-still-makes-waves-this-time-with-a-stealthy-backdoor\/132010\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The main purpose of Grobios malware is to help attacker establish a strong, persistent foothold in a victim&#8217;s system, in order to drop additional payloads later. READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":719,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[3],"tags":[505,506,507,211,508,28,509,19],"class_list":["post-718","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-threatpost","tag-backdoor","tag-evasion-techniques","tag-exploit-kits","tag-featured","tag-grobios","tag-malware","tag-rig-ek","tag-vulnerabilities"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>RIG EK Still Makes Waves, This Time with a Stealthy Backdoor 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/rig-ek-still-makes-waves-this-time-with-a-stealthy-backdoor\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"RIG EK Still Makes Waves, This Time with a Stealthy Backdoor 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/rig-ek-still-makes-waves-this-time-with-a-stealthy-backdoor\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-05-16T11:19:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/rig-ek-still-makes-waves-this-time-with-a-stealthy-backdoor.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"680\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rig-ek-still-makes-waves-this-time-with-a-stealthy-backdoor\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rig-ek-still-makes-waves-this-time-with-a-stealthy-backdoor\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"RIG EK Still Makes Waves, This Time with a Stealthy Backdoor\",\"datePublished\":\"2018-05-16T11:19:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rig-ek-still-makes-waves-this-time-with-a-stealthy-backdoor\\\/\"},\"wordCount\":724,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rig-ek-still-makes-waves-this-time-with-a-stealthy-backdoor\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/rig-ek-still-makes-waves-this-time-with-a-stealthy-backdoor.jpg\",\"keywords\":[\"backdoor\",\"evasion techniques\",\"exploit kits\",\"Featured\",\"grobios\",\"Malware\",\"rig ek\",\"Vulnerabilities\"],\"articleSection\":[\"Threatpost\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rig-ek-still-makes-waves-this-time-with-a-stealthy-backdoor\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rig-ek-still-makes-waves-this-time-with-a-stealthy-backdoor\\\/\",\"name\":\"RIG EK Still Makes Waves, This Time with a Stealthy Backdoor 2026 | ThreatsHub Cybersecurity 
News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rig-ek-still-makes-waves-this-time-with-a-stealthy-backdoor\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rig-ek-still-makes-waves-this-time-with-a-stealthy-backdoor\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/rig-ek-still-makes-waves-this-time-with-a-stealthy-backdoor.jpg\",\"datePublished\":\"2018-05-16T11:19:39+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rig-ek-still-makes-waves-this-time-with-a-stealthy-backdoor\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rig-ek-still-makes-waves-this-time-with-a-stealthy-backdoor\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rig-ek-still-makes-waves-this-time-with-a-stealthy-backdoor\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/rig-ek-still-makes-waves-this-time-with-a-stealthy-backdoor.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/rig-ek-still-makes-waves-this-time-with-a-stealthy-backdoor.jpg\",\"width\":680,\"height\":400},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rig-ek-still-makes-waves-this-time-with-a-stealthy-backdoor\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\
":2,\"name\":\"backdoor\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/backdoor\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"RIG EK Still Makes Waves, This Time with a Stealthy Backdoor\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/718","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=718"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/718\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/719"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=718"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=718"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=718"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}