Raspberry Robin

Malware updated 3 months ago (2024-08-01T14:29:29.226Z)
Raspberry Robin is a sophisticated piece of malware that uses a variety of tactics to infiltrate and exploit computer systems. It uses the CPUID instruction to run several checks that let it profile the system's characteristics and vulnerabilities, and it has also been observed using an unusual flag-based technique that improves its stealth and effectiveness.

In October 2023, Raspberry Robin began exploiting a known vulnerability, CVE-2023-36802, to escalate its privileges on infected systems, increasing its control over them and its potential for damage. The adoption of this exploit marks a significant step in the malware's evolution and poses a serious threat to systems affected by the vulnerability.

The situation escalated further when Raspberry Robin was detected using two new 1-day Local Privilege Escalation (LPE) exploits. As reported on securityaffairs.com, these exploits give the malware even more control over an infected system. They are particularly concerning because they can be used before vendors have had a chance to develop and distribute patches, making them highly effective. The continuous development and adaptation of Raspberry Robin underline the importance of robust, up-to-date cybersecurity measures.
Description last updated: 2024-08-01T13:34:41.012Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
Alias | Description | Votes
Evil Corp (possible alias for Raspberry Robin) | Evil Corp, a threat actor based in Russia, has been identified as a significant cybersecurity threat due to its involvement in various malicious activities, including the deployment of Dridex malware. The group is led by Maksim Yakubets and has been sanctioned by the Treasury Department for its cybe | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Ransomware
Exploit
Worm
Windows
Exploits
Payload
Clop
Loader
Vulnerability
Downloader
Github
Sandbox
Associated Malware
Alias | Description | Association Type | Votes
Truebot (malware associated with Raspberry Robin) | Truebot is a malicious software (malware) utilized by the CL0P actors, designed to exploit and damage computer systems. This malware can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Truebot serves multiple purposes: it can dow | Unspecified | 3
LockBit (malware associated with Raspberry Robin) | LockBit is a notorious malware that operates on a ransomware-as-a-service model, which has been responsible for significant cyber attacks across the globe. One of its most high-profile targets was Boeing, from whom the LockBit gang claimed to have stolen data. This incident not only disrupted operat | Unspecified | 3
SocGholish (malware associated with Raspberry Robin) | SocGholish is a malicious software (malware) that has been significantly prevalent in cyber threats over recent years. In 2022, it was observed being used in conjunction with the Parrot TDS to deliver the FakeUpdates downloader to unsuspecting visitors on compromised websites. By late 2022, Microsof | Unspecified | 3
Stately Taurus (malware associated with Raspberry Robin) | Stately Taurus, also known as Mustang Panda, Bronze President, Camaro Dragon, Earth Preta, Luminous Moth, and Red Delta, is a sophisticated malware that has been used in cyber-espionage campaigns primarily targeting government entities in Southeast Asia. It is believed to be associated with China's | Unspecified | 2
QakBot (malware associated with Raspberry Robin) | Qakbot is a potent piece of malware, or malicious software, that infiltrates computer systems through suspicious downloads, emails, or websites. Once installed, it can steal personal information, disrupt operations, or even hold data hostage for ransom. This malware, built by various groups includin | Unspecified | 2
Qbot (malware associated with Raspberry Robin) | Qbot, also known as Qakbot or Pinkslipbot, is a modular information stealer malware that first emerged in 2007 as a banking trojan. Its evolution has seen it become an advanced strain of malware used by multiple cybercriminal groups to prepare compromised networks for ransomware infestations. The fi | Unspecified | 2
IcedID (malware associated with Raspberry Robin) | IcedID is a type of malware, malicious software designed to exploit and damage computer systems. It has been identified in association with various other malwares such as Qakbot, BazarLoader, CobaltStrike, Conti, Gozi, Trickbot, Quantum, Emotet, and Pikabot. The IcedID IntBot Loader (int-bot.dll) is | Unspecified | 2
Bumblebee (malware associated with Raspberry Robin) | Bumblebee is a type of malware that has been linked to ITG23, a cybercriminal group known for its use of crypters such as Emotet, IcedID, Qakbot, Bumblebee, and Gozi. Distributed via phishing campaigns or compromised websites, Bumblebee enables the delivery and execution of further payloads. The sam | Unspecified | 2
Associated Threat Actors
Alias | Description | Association Type | Votes
Aqua Blizzard (threat actor associated with Raspberry Robin) | Aqua Blizzard, previously known as ACTINIUM, is a significant threat actor originating from Russia. Recently, Microsoft revamped its naming convention for threat groups, transitioning from all-cap names based on atomic elements to a two-name scheme inspired by storm terminology. Aqua Blizzard has be | Unspecified | 2
Lace Tempest (threat actor associated with Raspberry Robin) | Lace Tempest, a threat actor known for executing actions with malicious intent, has been identified as the orchestrator behind a series of cyber attacks exploiting a zero-day vulnerability in SysAid. The exploit was first brought to light by SysAid and further detailed in a blog post on TuxCare. Thi | Unspecified | 2
Camaro Dragon (threat actor associated with Raspberry Robin) | Camaro Dragon, a Chinese state-sponsored threat actor also known as Mustang Panda, Bronze President, RedDelta, Luminous Moth, Earth Preta, and Stately Taurus, has been identified as a significant cybersecurity concern. The group has been active since at least 2012 and is known for its sophisticated | Unspecified | 2
Gamaredon (threat actor associated with Raspberry Robin) | Gamaredon, a Russian Advanced Persistent Threat (APT) group, has been identified as one of the most active threat actors in Ukraine, particularly since Russia's invasion of Ukraine in 2022. The group has been known to employ a variety of tools and techniques for cyberespionage, including downloaders | Unspecified | 2
TA505 (threat actor associated with Raspberry Robin) | TA505, also known as Cl0p Ransomware Gang and Lace Tempest, is a highly active and sophisticated cybercriminal group. The group has been associated with various high-profile cyber-attacks, demonstrating adaptability through a multi-vector approach to their operations. In June 2023, the U.S. Cybersec | Unspecified | 2
Associated Vulnerabilities
Alias | Description | Association Type | Votes
CVE-2023-29360 (vulnerability associated with Raspberry Robin) | (no description) | Unspecified | 3
CVE-2022-31199 (vulnerability associated with Raspberry Robin) | CVE-2022-31199 is a critical remote code execution (RCE) vulnerability discovered in Netwrix Auditor, a widely-used software for on-premises and cloud-based IT system auditing. This flaw in the software's design or implementation allows cyber threat actors to exploit it and gain unauthorized access | Unspecified | 2
Source Document References
Information about the Raspberry Robin malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created
Securityaffairs | 2 months ago
Securityaffairs | 2 months ago
Securityaffairs | 3 months ago
Securityaffairs | 3 months ago
Securityaffairs | 3 months ago
Securityaffairs | 3 months ago
Securityaffairs | 4 months ago
Securityaffairs | 4 months ago
Securityaffairs | 4 months ago
Securityaffairs | 5 months ago
Securityaffairs | 5 months ago
Securityaffairs | 6 months ago
Securityaffairs | 6 months ago
BankInfoSecurity | 6 months ago
InfoSecurity-magazine | 6 months ago
Securityaffairs | 6 months ago
Securityaffairs | 7 months ago
Securityaffairs | 7 months ago
CERT-EU | 7 months ago
Securityaffairs | 7 months ago