home.social

#raspberryrobin — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #raspberryrobin, aggregated by home.social.

  1. 2025-05-06 (Tuesday): #RaspberryRobin activity - file hashes, malware samples, #WebDAV server info, and a #pcap of the infection traffic available at malware-traffic-analysis.net/2

  2. Raspberry Robin: Copy Shop USB Worm Evolves to Initial Access Broker Enabling Other Threat Actor Attacks
    #RaspberryRobin
    silentpush.com/blog/raspberry-

  3. Good day everyone!

    I have recently been researching worms and I wanted to share an article that was useful in identifying the Tactics, Techniques, and Procedures (TTPs) and behaviors associated with them. The #RaspberryRobin worm has been around for a while and has been reported on by Check Point Software Technologies Ltd researchers. This time around the researchers highlight more technical aspects and new capabilities, but a couple of tactics that stood out to me were User Account Control (UAC) bypass to elevate privileges and the abuse of the registry run key to establish persistence. It's been an interesting topic to research and I hope you enjoy this article! Happy Hunting!

    RASPBERRY ROBIN KEEPS RIDING THE WAVE OF ENDLESS 1-DAYS
    research.checkpoint.com/2024/r

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #huntoftheday #gethunting

  4. Good day everyone! The ReliaQuest Threat Research team recently provided a wrap-up of the most commonly used loaders, the top 80% of which comprised only three different malware! These big three are #QBot, #SocGholish, and #RaspberryRobin. THEN, they not only provided the data sheet to provide to your management or C-suite, they broke them down even further to include technical details as well! Thank you to the Threat Research team for such a great report, I hope you enjoy it as much as I did, and Happy Hunting!

    The 3 Malware Loaders Behind 80% of Incidents
    reliaquest.com/blog/the-3-malw

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

  5. I've read and analysed last week's infosec news, so you don't have to - get up to speed on the latest in hacks, malware, tradecraft and more with this week's newsletter:

    opalsec.substack.com/p/soc-gou

    A vulnerability in the widely-used, open-source JsonWebToken package has highlighted the continued reliance on vendors for supply chain security.

    It's not just APTs - cyber crims are eyeing off kernel space, with #ScatteredSpider/#UNC3944 abusing the #BYOVD technique in an attempt to load their malicious driver into kernel space and subvert EDR controls.

    We take a look at research into #RaspberryRobin infrastructure - it's multi-tiered, growing, and highly flexible...but also vulnerable to takeover. Will this be the next #Andromeda, still spreading and hijacked by a 3rd-party in 10 years time?

    #Fortinet warns an unknown, stealth-conscious actor with a "deep understanding of #FortiOS" has been seen exploiting the month-old FortiOS vulnerability (CVE-2022-42475) to drop additional malware & subvert logging.

    There's a tonne more interesting reporting and tradecraft that I can't get to in this post, but you can find them in the newsletter - check it out, and subscribe to get the latest issues straight to your inbox, and support my work!

    opalsec.substack.com/p/soc-gou

    #infosec #CyberAttack #Hacked #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #redteam #soc

  6. Catch up on last week's infosec news with our latest newsletter: opalsec.substack.com/p/soc-gou

    #RaspberryRobin continues to improve its evasion mechanisms, extracting more data from victims in the Financial sector.

    #Dridex developers look to be dabbling in creating a Mac variant - but aren't quite there yet.

    #HTMLSmuggling is being used increasingly over the past few months by heavy-hitting first stage malware such as Qakbot, IcedID and BumbleBee - make sure you understand how it works and how to spot it.

    #infosec #CyberAttack #Hacked #cyber #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities

  10. IT researchers at Cybereason have discovered a network worm that spreads on Windows and Qnap devices. They call the campaign Raspberry Robin.
    Worm infection: Raspberry Robin malware campaign infects Windows and Qnap NAS

  11. #Microsoft confirms the presence of a worm spreading via #USB drives on hundreds of corporate networks

    #RaspberryRobin, a #Windows malware identified several months ago, continues to spread across corporate networks via infected USB drives.

    01net.com/actualites/microsoft

    #infosec #news