ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool Raspberry Robin

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Raspberry Robin

NamesRaspberry Robin
RaspberryRobin
LINK_MSIEXEC
QNAP-Worm
CategoryMalware
TypeBackdoor, Worm
Description(Red Canary) “Raspberry Robin” is Red Canary’s name for a cluster of activity we first observed in September 2021 involving a worm that is often installed via USB drive. This activity cluster relies on msiexec.exe to call out to its infrastructure, often compromised QNAP devices, using HTTP requests that contain a victim’s user and device names. We also observed Raspberry Robin use TOR exit nodes as additional command and control (C2) infrastructure.
Information<https://redcanary.com/blog/raspberry-robin/>
<https://blogs.cisco.com/security/raspberry-robin-highly-evasive-worm-spreads-over-external-disks>
<https://securityintelligence.com/posts/raspberry-robin-worm-dridex-malware/>
<https://www.bleepingcomputer.com/news/security/microsoft-links-raspberry-robin-malware-to-evil-corp-attacks/>
<https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/>
<https://www.trendmicro.com/en_us/research/22/l/raspberry-robin-malware-targets-telecom-governments.html>
<https://blog.checkpoint.com/security/raspberry-robin-evolving-cyber-threat-with-advanced-exploits-and-stealth-tactics/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.raspberry_robin>

Last change to this tool card: 06 March 2024

Download this tool card in JSON format

Previous: RARSTONE
Next: Ratankba

All groups using tool Raspberry Robin

ChangedNameCountryObserved

APT groups

XIndrik SpiderRussia2007-Oct 2024 HOTX

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]