win.raspberry_robin

Raspberry Robin

aka: RaspberryRobin, QNAP-Worm, LINK_MSIEXEC

Worm spread by external drives that leverages Windows Installer to reach out to QNAP-associated domains and download a malicious DLL.

References
2022-07-30 | The Hacker News | Ravie Lakshmanan
Microsoft Links Raspberry Robin USB Worm to Russian Evil Corp Hackers
https://thehackernews.com/2022/07/microsoft-links-raspberry-robin-usb.html?_m=3n%2e009a%2e2800%2ejp0ao0cjb8%2e1shm (accessed 2022-08-02)
FAKEUPDATES Raspberry Robin
2022-07-07 | Cybereason | Loïc Castel
THREAT ALERT: Raspberry Robin Worm Abuses Windows Installer and QNAP Devices
https://www.cybereason.com/blog/threat-alert-raspberry-robin-worm-abuses-windows-installer-and-qnap-devices (accessed 2022-07-12)
Raspberry Robin
2022-05-05 | Red Canary | Lauren Podber, Stef Rand
Raspberry Robin gets the worm early
https://redcanary.com/blog/raspberry-robin/ (accessed 2022-05-06)
Raspberry Robin

There is no Yara-Signature yet.