win.roshtyak

Roshtyak


A DLL backdoor distributed by Raspberry Robin. According to Avast Decoded, Roshtyak is one of the best-protected malware strains they have ever seen.

References
2022-10-27, Microsoft, Microsoft Security Threat Intelligence: Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity. https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/ (accessed 2022-11-11)
Families: FAKEUPDATES, Fauppod, Raspberry Robin, Roshtyak
2022-09-26, Palo Alto Networks Unit 42, Daniela Shalev and Itay Gamliel: Hunting for Unsigned DLLs to Find APTs. https://unit42.paloaltonetworks.com/unsigned-dlls/ (accessed 2022-09-30)
Families: PlugX, Raspberry Robin, Roshtyak
2022-09-22, Avast, Jan Vojtěšek: Raspberry Robin’s Roshtyak: A Little Lesson in Trickery. https://decoded.avast.io/janvojtesek/raspberry-robins-roshtyak-a-little-lesson-in-trickery/ (accessed 2022-09-22)
Families: Raspberry Robin, Roshtyak

There is no YARA signature yet.