#raspberryrobin search results
Check out our technical analysis of #RaspberryRobin's multilayered approach to thwarting analysis and evading detection. Read the full technical analysis here: zscaler.com/blogs/security…
We analyzed #RaspberryRobin's built-in exploits and explain how to identify and bypass each of the malware's many anti-analysis tricks and evasions. Check out our blog 👉 research.checkpoint.com/2023/raspberry…
#RaspberryRobin 🪱 (REF: blog.sekoia.io/raspberry-robi…) 'Clean' C2 domains: /a7k.ro /a5az.com /v4a3.com /4w.pm /hlv1.com /ubv5.com /c43p.com /2ipn.com 'Clean' compromised QNAP: 151.83.67.5 84.97.18.146 88.130.94.229 188.10.57.97 'New' exploited QNAP: 61.93.39.13 94.14.45.160
FYI: #RaspberryRobin C2s (compromised QNAP servers) are giving a 502 error (Proxy Error) pointing to techcloud[.]tw domain 👀 Last sample I checked (LNK): bazaar.abuse.ch/sample/1b6d5fc… I also uploaded the active C2s to ThreatFox on April 14: threatfox.abuse.ch/browse/tag/ras… /cc:…
🐚 Hiding Shellcode In Plain Sight PoC - Very simple, but extremely effective technique used by #RaspberryRobin ❓ Place the shellcode randomly in an extremely large region of RW memory filled with random data, taking note of location, then execute. 🔗 github.com/LloydLabs/shel…
New Anti-VM technique used inside #raspberryrobin malicious DLL. By simply using EnumDisplayDevicesA you can easily detect VMware virtual displays.
More #RaspberryRobin ☣USB Drive.lnk c8ff8a9793a99c0f6ac19a1a3bdcf6b34862a6e38a4130c7e1390752a20579a9 ☣xphfk.sav a30dd8721d4a3a4925ed825a21e8186efe32db0b8471947368dac0eef1f85efd 🔥Known C2 fgcz[.]net:8080 61.244.156.107 🔎IP has a QNAP NAS & Hikvision Web Server
#RaspberryRobin DLL ☣️"be0000.dll" e74cf1c88298d16af252c0ef6ce81fdbff4adae0226d5f962de4744016f1fcb6 C2🔥 hxxp://76.95.39[.]48:8080/ (popped QNAP NAS) 🔎Example of RR w/ system data appended to URL hidden with the RC4 stream cipher, instead of plaintext h/t @SecurityJoes YARA
#RaspberryRobin LNK files in April 3329ad32799c142d6cd5e7f6a1dff755 d1993684f055e9cfd964d35952f570f8 b7d6f079a6b084c1c8293ab4cd54b585 131243c786a2efed6e7f35dabfef4be8 f5e6ffec3c33e9c84e11d6101d181c4e C2 m0[.]nu 7d[.]wf 0j[.]re C2 58.177.98[.]79 jnaskk[.]myqnapcloud[.]com NAS🇭🇰
☣️#RaspberryRobin uploads May 2023 w/@virustotal Threat Intel 🌍 🚫Top 4 C2 Domains 2t[.]pm | gz[.]qa | 6qo[.]at | fgcz[.]net 🚫Top 3 LNKs xphfk.sav | qjm.bmp | ufdnh.gif Canada 🇨🇦 may look like it gets a lot, but this is due to a single submitter: 22b3c7b0 - api🔍 🇷🇺&🇨🇳⬆ 👀
⚠️ New Exploit Alert: Raspberry Robin Evolves This USB-spread malware now uses a Windows CLFS exploit (CVE-2024-38196) + ChaCha-20 encryption to avoid detection. 🔗 Learn more at cybersecuritynews.com/raspberry-robi… #CyberSecurity #MalwareAlert #RaspberryRobin #CLFSExploit #WindowsSecurity
2024-11-14 (Thursday): #RaspberryRobin infection chain uses WebDAV share, today at 2z[.]si@ssl\u\. Victim downloads a zip archive, then extracts and double-clicks an HTA file, which loads and runs a Raspberry Robin DLL from the WebDAV share. Details at bit.ly/3O9XMwA
📢The #RaspberryRobin #malware has leveled up with two new #1day exploits, CVE-2023-36802 and CVE-2023-29360, employing them to escalate privileges on compromised devices. Read more on SOCRadar🔻 socradar.io/hundreds-of-wi… #Cybersecurity #ThreatIntelligence #MalwareUpdate
Raspberry Robin, an evolving initial access broker, is linked to Russian cybercriminals. With nearly 200 unique command and control domains, its tactics pose a significant threat to global enterprises. 🌍🔒 #RaspberryRobin #Russia link: ift.tt/f5wVBau
🚨 THREAT REPORT: Raspberry Robin – Copy Shop USB Worm Evolves to Initial Access Broker Enabling Other Threat Actor Attacks Read full investigation: hubs.ly/Q03dswtv0 #raspberryrobin #cyberattack #CISA #C2 #threatintelligence #IOFAs
Such a thorough analysis of #RaspberryRobin in this article that taught me a lot 👇 😂
Researchers have uncovered nearly 200 unique command-and-control domains tied to Raspberry Robin, a sophisticated malware acting as an access broker for criminal groups, mainly in Russia. 🦠🔍 #MalwareExposed #RaspberryRobin #Russia link: ift.tt/Cvcgfd6
The 2024 cyber landscape saw AI-powered tactics and infrastructure laundering rise, complicating defense globally. SilentPush tracks actors like Raspberry Robin, offering insights via Indicators of Future Attack. #SilentPush #RaspberryRobin #InfoSec ift.tt/lkFJxX4
🪲 Raspberry Robin has gone from a USB worm to a major initial access broker, using phishing, malvertising, and Tor-based C2. Picus simulates these attacks to identify blind spots before attackers exploit them → hubs.li/Q03D3mY80 #RaspberryRobin #CyberSecurity
picussecurity.com
Raspberry Robin Malware in 2025: From USB Worm to Elite Initial Access Broker
Raspberry Robin evolves from a USB worm into a top initial access broker, using phishing, exploits, and resilient C2 to enable major attacks.
#RaspberryRobin #malware has improved its hiding methods, now uses Chacha-20 for network encryption, and includes a new local privilege escalation exploit (CVE-2024-38196). It also embeds fake C2 server addresses. #ThreatIntelligence #onpatrol4malware zscaler.com/blogs/security…
ThreatLabz reveals the evolution of Raspberry Robin malware, now featuring stronger encryption, complex obfuscation, and a new privilege escalation exploit to bypass detection. #RaspberryRobin #MalwareEvasion #Cybersecurity #LPE #Roshtyak securityonline.info/the-evolution-…
securityonline.info
The Evolution of Evasion: Raspberry Robin Malware Upgrades with New Encryption & UAC Bypass Exploit
ThreatLabz reveals the evolution of Raspberry Robin malware, now featuring stronger encryption, complex obfuscation, and a new privilege escalation exploit to bypass detection.
#RaspBerryRobin IoC : 49[.]249[.]113[.]106 "C:\WINDOWS\system32\cmD.eXe" /e/vnXF/rCMD<XPHfk.sav SHA256 : ae4943e5f3f763688e10601f090b4cae3ce19f0b427007884b40d27d7fb9274d
Raspberry Robin has transformed from a simple copy shop worm into a significant initial access broker linked to Russian cyber operations. Collaboration is crucial to combat this rising threat. 🦠🔒 #RaspberryRobin #CyberThreats #Russia link: ift.tt/r9XOv7j
Researchers have made a significant discovery in the fight against #RaspberryRobin #malware. By analyzing key nameservers, domain naming conventions, and IP/ASN diversity patterns, they've uncovered nearly 200 unique command and control (C2) domains. silentpush.com/blog/raspberry…
silentpush.com
Raspberry Robin: Copy Shop USB Worm Evolves to Initial Access Broker Enabling Other Threat Actor...
Raspberry Robin is an evolving threat actor, transforming from a worm to an IAB with ongoing ties to Russia
Thanks for the update on #RaspberryRobin!
Silent Push reveals that the Raspberry Robin USB worm has evolved into an Initial Access Broker for Russian threat actors, with nearly 200 C2 domains identified through extensive collaboration and research efforts. #CyberSecurity #RaspberryRobin ift.tt/dSrWt47
silentpush.com
Raspberry Robin: Copy Shop USB Worm Evolves to Initial Access Broker Enabling Other Threat Actor...
Raspberry Robin is an evolving threat actor, transforming from a worm to an IAB with ongoing ties to Russia
#RaspberryRobin: Copy Shop USB Worm Evolves to Initial Access Broker Enabling Other Threat Actor Attacks ↘️ silentpush.com/blog/raspberry…
📽️ Fast Flux: Catching Universally Bad Behavior, Raspberry Robin hubs.ly/Q030zg430 Missed Zach Edwards presentation at #mWISE2024? It's now available to watch and we HIGHLY recommend you check this one out. Let us know what you think! 🤔 #raspberryrobin #silentpush
youtube.com
YouTube
Fast Flux: Catching Universally Bad Behavior, Raspberry Robin
Raspberry-Robin - Multilayered Encryption #Cybersecurity #Malware #RaspberryRobin #Roshtyak #Security @Threatlabz #USB #Encryption @Zscaler_DACH netzpalaver.de/2024/12/20/ras…
netzpalaver.de
Raspberry-Robin - Multilayered Encryption
The Zscaler ThreatLabz team recently unraveled the extensive obfuscation techniques of Raspberry-Robin (also known as Roshtyak). The
#ln -s :malware_traffic: @Unit42_Intel Pivoting on this information, I generated a #RaspberryRobin infection using the #WebDAV server. I posted a #pcap with some fresh malware samples at malware-traffic-analysis.net/2024/11/14/ind…
#ln -s :malware_traffic: RT @Unit42_Intel: 2024-11-14 (Thursday): #RaspberryRobin infection chain uses WebDAV share, today at 2z[.]si@ssl\u\. Victim downloads a zip…
The Unit 42 Managed Threat Hunting team detected #RaspberryRobin samples being spread via downloaded .zip files. Samples can be found on VT using the search: content:"OnePro" content:"TwoPro" content:"ThrPro"
Since January 2022, our TDR team has been tracking the evolution of #RaspberryRobin infrastructure. This research led to the #sinkholing of two domains, giving us some telemetry of early infections and a big concern: these infections can be easily repurposed by other threat actors.
#BreakingBadness gets spooky this week 👻 Recorded on Halloween, @neurovagrant, @punsandrosess and @DanOnSecurity discuss the #RaspberryRobin worm link to #Clop #ransomware attacks along with #vishing and the latest #Twilio breach. Listen here: bit.ly/3zCdJVr
It looks as if #RaspberryRobin activity would be covered quite well with the current @sigma_hq rules - I only had space for 4 screenshots but there are more rules that would trigger redcanary.com/blog/raspberry…