win.raspberry_robin

Raspberry Robin

aka: RaspberryRobin, QNAP-Worm, LINK_MSIEXEC

A worm that spreads via external drives and uses Windows Installer to reach out to QNAP-associated domains and download a malicious DLL.

References
2023-09-07 | Huntress Labs | Harlan Carvey
% Huntress Labs blog post on Raspberry Robin as USB-borne malware; retrieved 2023-09-11.
@online{carvey:20230907:evolution:4432f0b,
  author       = {Harlan Carvey},
  title        = {{Evolution of USB-Borne Malware, Raspberry Robin}},
  organization = {Huntress Labs},
  date         = {2023-09-07},
  url          = {https://www.huntress.com/blog/evolution-of-usb-borne-malware-raspberry-robin},
  urldate      = {2023-09-11},
  language     = {English},
}
Evolution of USB-Borne Malware, Raspberry Robin
Raspberry Robin
2023-04-18 | Checkpoint | Shavit Yosef
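% Write-up titled as an anti-evasion how-to and exploit analysis of Raspberry Robin; retrieved 2023-04-22.
% The ampersand in the title is written \& because a bare ampersand is an alignment
% character in LaTeX and breaks the typeset bibliography.
% NOTE(review): yosef:20230418:raspberry:b2dac9b cites the same URL (with a trailing slash)
% under the organization spelling "Check Point Research"; cite only one of the two keys.
@online{yosef:20230418:raspberry:61254cb,
  author       = {Shavit Yosef},
  title        = {{Raspberry Robin: Anti-Evasion How-To \& Exploit Analysis}},
  organization = {Checkpoint},
  date         = {2023-04-18},
  url          = {https://research.checkpoint.com/2023/raspberry-robin-anti-evasion-how-to-exploit-analysis},
  urldate      = {2023-04-22},
  language     = {English},
}
Raspberry Robin: Anti-Evasion How-To & Exploit Analysis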
Raspberry Robin
2023-04-18 | Check Point Research | Shavit Yosef
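% Write-up titled as an anti-evasion how-to and exploit analysis of Raspberry Robin; retrieved 2023-04-22.
% The ampersand in the title is written \& because a bare ampersand is an alignment
% character in LaTeX and breaks the typeset bibliography.
% NOTE(review): yosef:20230418:raspberry:61254cb cites the same URL (without the trailing
% slash) under the organization spelling "Checkpoint"; cite only one of the two keys.
@online{yosef:20230418:raspberry:b2dac9b,
  author       = {Shavit Yosef},
  title        = {{Raspberry Robin: Anti-Evasion How-To \& Exploit Analysis}},
  organization = {Check Point Research},
  date         = {2023-04-18},
  url          = {https://research.checkpoint.com/2023/raspberry-robin-anti-evasion-how-to-exploit-analysis/},
  urldate      = {2023-04-22},
  language     = {English},
}
Raspberry Robin: Anti-Evasion How-To & Exploit Analysis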
Raspberry Robin
2023-01-03 | Security Joes | SecurityJoes
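% Security Joes post on Raspberry Robin seen in the wild against insurance and financial
% institutes in Europe; retrieved 2023-01-04.
% The author is an organization, so it is wrapped in a second pair of braces to be kept
% as one indivisible name. The ampersand in the title is written \& because a bare
% ampersand is an alignment character in LaTeX.
@online{securityjoes:20230103:raspberry:c992c68,
  author       = {{SecurityJoes}},
  title        = {{Raspberry Robin Detected ITW Targeting Insurance \& Financial Institutes In Europe}},
  organization = {Security Joes},
  date         = {2023-01-03},
  url          = {https://www.securityjoes.com/post/raspberry-robin-detected-itw-targeting-insurance-financial-institutes-in-europe},
  urldate      = {2023-01-04},
  language     = {English},
}
Raspberry Robin Detected ITW Targeting Insurance & Financial Institutes In Europe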
Raspberry Robin
2022-12-20 | Trend Micro | Christopher Daniel So
% Trend Micro research post on Raspberry Robin targeting telecom and governments; retrieved 2023-03-13.
% NOTE(review): the URL uses the fr_fr locale path while language is English; confirm
% which locale of the page was reviewed.
@online{so:20221220:raspberry:3d29aad,
  author       = {Christopher Daniel So},
  title        = {{Raspberry Robin Malware Targets Telecom, Governments}},
  organization = {Trend Micro},
  date         = {2022-12-20},
  url          = {https://www.trendmicro.com/fr_fr/research/22/l/raspberry-robin-malware-targets-telecom-governments.html},
  urldate      = {2023-03-13},
  language     = {English},
}
Raspberry Robin Malware Targets Telecom, Governments
Raspberry Robin, Roshtyak
2022-12-08 | Cisco Talos | Tiago Pereira
% Cisco Talos post on recent Truebot activity; retrieved 2022-12-12.
@online{pereira:20221208:breaking:7f00030,
  author       = {Tiago Pereira},
  title        = {{Breaking the silence - Recent Truebot activity}},
  organization = {Cisco Talos},
  date         = {2022-12-08},
  url          = {https://blog.talosintelligence.com/breaking-the-silence-recent-truebot-activity/},
  urldate      = {2022-12-12},
  language     = {English},
}
Breaking the silence - Recent Truebot activity
Clop, Cobalt Strike, FlawedGrace, Raspberry Robin, Silence, Teleport
2022-10-27 | Microsoft | Microsoft Security Threat Intelligence
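% Microsoft security blog post placing the Raspberry Robin worm in a larger ecosystem that
% facilitates pre-ransomware activity; retrieved 2023-03-13.
% The author is a team, not a person, so it is wrapped in a second pair of braces;
% without them the name is split into given names plus the surname "Intelligence".
% NOTE(review): intelligence:20221027:raspberry:44ac615 cites the same post over http
% with the author spelled "Microsoft Threat Intelligence"; cite only one of the two keys.
@online{intelligence:20221027:raspberry:b6d1ce4,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {{Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity}},
  organization = {Microsoft},
  date         = {2022-10-27},
  url          = {https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/},
  urldate      = {2023-03-13},
  language     = {English},
}
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity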
FAKEUPDATES, BumbleBee, Fauppod, PhotoLoader, Raspberry Robin, Roshtyak
2022-10-27 | Bleeping Computer | Sergiu Gatlan
% Bleeping Computer news article on Microsoft linking the Raspberry Robin worm to Clop
% ransomware attacks; retrieved 2022-11-11.
@online{gatlan:20221027:microsoft:e274158,
  author       = {Sergiu Gatlan},
  title        = {{Microsoft links Raspberry Robin worm to Clop ransomware attacks}},
  organization = {Bleeping Computer},
  date         = {2022-10-27},
  url          = {https://www.bleepingcomputer.com/news/security/microsoft-links-raspberry-robin-worm-to-clop-ransomware-attacks/},
  urldate      = {2022-11-11},
  language     = {English},
}
Microsoft links Raspberry Robin worm to Clop ransomware attacks
Clop, Raspberry Robin
2022-10-27 | Microsoft | Microsoft Threat Intelligence
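% Microsoft security blog post placing the Raspberry Robin worm in a larger ecosystem that
% facilitates pre-ransomware activity; retrieved 2023-11-17.
% The author is a team, not a person, so it is wrapped in a second pair of braces;
% without them the name is split into given names plus the surname "Intelligence".
% The URL scheme is https instead of the plaintext http form; the https form of this same
% address already appears in intelligence:20221027:raspberry:b6d1ce4.
% NOTE(review): that key cites the same post with the author spelled
% "Microsoft Security Threat Intelligence"; cite only one of the two keys.
@online{intelligence:20221027:raspberry:44ac615,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity}},
  organization = {Microsoft},
  date         = {2022-10-27},
  url          = {https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/},
  urldate      = {2023-11-17},
  language     = {English},
}
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity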
FAKEUPDATES, BumbleBee, Clop, Fauppod, Raspberry Robin, Roshtyak, Silence
2022-09-26 | Palo Alto Networks Unit 42 | Daniela Shalev, Itay Gamliel
% Unit 42 post on hunting for unsigned DLLs as a way to find APT activity; retrieved 2022-09-30.
@online{shalev:20220926:hunting:3489fdb,
  author       = {Daniela Shalev and Itay Gamliel},
  title        = {{Hunting for Unsigned DLLs to Find APTs}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2022-09-26},
  url          = {https://unit42.paloaltonetworks.com/unsigned-dlls/},
  urldate      = {2022-09-30},
  language     = {English},
}
Hunting for Unsigned DLLs to Find APTs
PlugX, Raspberry Robin, Roshtyak
2022-09-22 | Avast | Jan Vojtěšek
% Avast Decoded post on Roshtyak, listed here alongside Raspberry Robin; retrieved 2022-09-22.
% The author name and the title contain non-ASCII characters, so the file needs a
% UTF-8-aware toolchain.
@online{vojtek:20220922:raspberry:26502e1,
  author       = {Jan Vojtěšek},
  title        = {{Raspberry Robin’s Roshtyak: A Little Lesson in Trickery}},
  organization = {Avast},
  date         = {2022-09-22},
  url          = {https://decoded.avast.io/janvojtesek/raspberry-robins-roshtyak-a-little-lesson-in-trickery/},
  urldate      = {2022-09-22},
  language     = {English},
}
Raspberry Robin’s Roshtyak: A Little Lesson in Trickery
Raspberry Robin, Roshtyak
2022-09-01 | IBM | Kevin Henson, Emmy Ebanks
% IBM Security Intelligence post relating Raspberry Robin and Dridex; retrieved 2022-09-06.
@online{henson:20220901:raspberry:b5b5946,
  author       = {Kevin Henson and Emmy Ebanks},
  title        = {{Raspberry Robin and Dridex: Two Birds of a Feather}},
  organization = {IBM},
  date         = {2022-09-01},
  url          = {https://securityintelligence.com/posts/raspberry-robin-worm-dridex-malware/},
  urldate      = {2022-09-06},
  language     = {English},
}
Raspberry Robin and Dridex: Two Birds of a Feather
Dridex, Raspberry Robin
2022-08-09 | Cisco | Onur Mustafa Erdogan
% Cisco security blog post on Raspberry Robin spreading over external disks; retrieved 2022-08-22.
@online{erdogan:20220809:raspberry:3652ff7,
  author       = {Onur Mustafa Erdogan},
  title        = {{Raspberry Robin: Highly Evasive Worm Spreads over External Disks}},
  organization = {Cisco},
  date         = {2022-08-09},
  url          = {https://blogs.cisco.com/security/raspberry-robin-highly-evasive-worm-spreads-over-external-disks},
  urldate      = {2022-08-22},
  language     = {English},
}
Raspberry Robin: Highly Evasive Worm Spreads over External Disks
Raspberry Robin
2022-07-30 | The Hacker News | Ravie Lakshmanan
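% The Hacker News article on Microsoft linking the Raspberry Robin USB worm to Evil Corp;
% retrieved 2022-08-02.
% The _m query string of the original link has been dropped: it is not part of the article
% address, it looks like a per-recipient campaign tracking token, and its percent-encoded
% characters are fragile in URL fields under non-verbatim styles.
@online{lakshmanan:20220730:microsoft:0f1459e,
  author       = {Ravie Lakshmanan},
  title        = {{Microsoft Links Raspberry Robin USB Worm to Russian Evil Corp Hackers}},
  organization = {The Hacker News},
  date         = {2022-07-30},
  url          = {https://thehackernews.com/2022/07/microsoft-links-raspberry-robin-usb.html},
  urldate      = {2022-08-02},
  language     = {English},
}
Microsoft Links Raspberry Robin USB Worm to Russian Evil Corp Hackers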
FAKEUPDATES, Raspberry Robin
2022-07-07 | Cybereason | Loïc Castel
% Cybereason threat alert on Raspberry Robin abusing Windows Installer and QNAP devices;
% retrieved 2022-07-12.
@online{castel:20220707:threat:e7717e8,
  author       = {Loïc Castel},
  title        = {{THREAT ALERT: Raspberry Robin Worm Abuses Windows Installer and QNAP Devices}},
  organization = {Cybereason},
  date         = {2022-07-07},
  url          = {https://www.cybereason.com/blog/threat-alert-raspberry-robin-worm-abuses-windows-installer-and-qnap-devices},
  urldate      = {2022-07-12},
  language     = {English},
}
THREAT ALERT: Raspberry Robin Worm Abuses Windows Installer and QNAP Devices
Raspberry Robin
2022-05-05 | Red Canary | Lauren Podber, Stef Rand
% Red Canary blog post on Raspberry Robin; the earliest-dated reference in this list.
% Retrieved 2022-05-06.
@online{podber:20220505:raspberry:ebc51e8,
  author       = {Lauren Podber and Stef Rand},
  title        = {{Raspberry Robin gets the worm early}},
  organization = {Red Canary},
  date         = {2022-05-05},
  url          = {https://redcanary.com/blog/raspberry-robin/},
  urldate      = {2022-05-06},
  language     = {English},
}
Raspberry Robin gets the worm early
Raspberry Robin

There is no YARA signature yet.