SYMBOLCOMMON_NAMEaka. SYNONYMS
win.raspberry_robin (Back to overview)

Raspberry Robin

aka: RaspberryRobin, QNAP-Worm, LINK_MSIEXEC

Worm spread by external drives that leverages Windows Installer to reach out to QNAP-associated domains and download a malicious DLL.

References
2024-04-03HarfangLabAlice Climent-Pommeret
Raspberry Robin and its new anti-emulation trick
Raspberry Robin
2024-04-02DarktraceAlexandra Sentenac, Trent Kessler, Victoria Baldie
The Early Bird Catches the Worm: Darktrace’s Hunt for Raspberry Robin
Raspberry Robin
2024-02-07Check Point ResearchCheck Point Research
Raspberry Robin Keeps Riding the Wave of Endless 1-Days
Raspberry Robin
2023-09-07Huntress LabsHarlan Carvey
Evolution of USB-Borne Malware, Raspberry Robin
Raspberry Robin
2023-04-18Check Point ResearchShavit Yosef
Raspberry Robin: Anti-Evasion How-To & Exploit Analysis
Raspberry Robin
2023-04-18CheckpointShavit Yosef
Raspberry Robin: Anti-Evasion How-To & Exploit Analysis
Raspberry Robin
2023-01-03Security JoesSecurityJoes
Raspberry Robin Detected ITW Targeting Insurance & Financial Institutes In Europe
Raspberry Robin
2022-12-20Trend MicroChristopher Daniel So
Raspberry Robin Malware Targets Telecom, Governments
Raspberry Robin Roshtyak
2022-12-08Cisco TalosTiago Pereira
Breaking the silence - Recent Truebot activity
Clop Cobalt Strike FlawedGrace Raspberry Robin Silence Teleport
2022-10-27Bleeping ComputerSergiu Gatlan
Microsoft links Raspberry Robin worm to Clop ransomware attacks
Clop Raspberry Robin
2022-10-27MicrosoftMicrosoft Security Threat Intelligence
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity
FAKEUPDATES BumbleBee Fauppod PhotoLoader Raspberry Robin Roshtyak
2022-10-27MicrosoftMicrosoft Threat Intelligence
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity
FAKEUPDATES BumbleBee Clop Fauppod Raspberry Robin Roshtyak Silence DEV-0950 Mustard Tempest
2022-09-26Palo Alto Networks Unit 42Daniela Shalev, Itay Gamliel
Hunting for Unsigned DLLs to Find APTs
PlugX Raspberry Robin Roshtyak
2022-09-22AvastJan Vojtěšek
Raspberry Robin’s Roshtyak: A Little Lesson in Trickery
Raspberry Robin Roshtyak
2022-09-01IBMEmmy Ebanks, Kevin Henson
Raspberry Robin and Dridex: Two Birds of a Feather
Dridex Raspberry Robin
2022-08-09CiscoOnur Mustafa Erdogan
Raspberry Robin: Highly Evasive Worm Spreads over External Disks
Raspberry Robin
2022-07-30The Hacker NewsRavie Lakshmanan
Microsoft Links Raspberry Robin USB Worm to Russian Evil Corp Hackers
FAKEUPDATES Raspberry Robin
2022-07-07CybereasonLoïc Castel
THREAT ALERT: Raspberry Robin Worm Abuses Windows Installer and QNAP Devices
Raspberry Robin
2022-05-05Red CanaryLauren Podber, Stef Rand
Raspberry Robin gets the worm early
Raspberry Robin

There is no Yara-Signature yet.