A coordinated effort to disrupt activities related to the RIG Exploit Kit has once again revealed how extensively threat actors abuse legitimate domains and websites to build the operational infrastructure for their criminal campaigns. The campaign has resulted in a complete cessation of activity related to EITEST and PseudoDarkleech, two major RIG EK campaigns. Most of the subdomains were being served out of near bulletproof hosting providers based in Eastern Europe. Most victims were directed to the landing pages from previously compromised websites injected with iframes.”]