Raspberry Robin gets the worm early
Common Information

Type                          | Value
------------------------------|------------------------------------------
UUID                          | 33a1a89a-34e4-44af-85e2-85b6a6c425ca
Fingerprint                   | b755d9593406df23
Analysis status               | DONE
Considered CTI value          | 2
Text language                 |
Published                     | Aug. 2, 2022, midnight
Added to db                   | Sept. 11, 2022, 12:33 p.m.
Last updated                  | Nov. 17, 2024, 10:40 p.m.
Headline                      | Raspberry Robin gets the worm early
Title                         | Raspberry Robin gets the worm early
Detected Hints/Tags/Attributes | 79/2/34
Attributes

Type                     | Value                                                                                                        | #Events | CTI Value
-------------------------|--------------------------------------------------------------------------------------------------------------|---------|----------
Domain                   | v0.cx                                                                                                        | 5       |
Domain                   | www.ivuoq6si2a.com                                                                                           | 1       |
Domain                   | redcanary.com                                                                                                | 58      |
Domain                   | 3h.wf                                                                                                        | 5       |
Email                    | intel@redcanary.com                                                                                          | 4       |
File                     | msiexec.exe                                                                                                  | 269     |
File                     | cmd.exe                                                                                                      | 2126    |
File                     | explorer.exe                                                                                                 | 1260    |
File                     | c:\windows\installer\msi5c01.tmp                                                                             | 1       |
File                     | c:\windows\installer\msie160.tmp                                                                             | 1       |
File                     | fodhelper.exe                                                                                                | 62      |
File                     | rundll32.exe                                                                                                 | 1018    |
File                     | odbcconf.exe                                                                                                 | 22      |
File                     | odbc.ini                                                                                                     | 4       |
File                     | regsvr32.exe                                                                                                 | 459     |
File                     | dllhost.exe                                                                                                  | 172     |
File                     | 007_jscript.msi                                                                                              | 1       |
File                     | t1218-2.dll                                                                                                  | 1       |
File                     | c:\windows\system32\cmd.exe                                                                                  | 409     |
File                     | c:\windows\syswow64\odbcconf.exe                                                                             | 3       |
Github username          | redcanaryco                                                                                                  | 17      |
md5                      | 6f5ea8383bc3bd07668a7d24fe9b0828                                                                             | 2       |
md5                      | e8f0d33109448f877a0e532b1a27131a                                                                             | 2       |
MITRE ATT&CK Techniques  | T1059.003                                                                                                    | 333     |
MITRE ATT&CK Techniques  | T1059                                                                                                        | 695     |
MITRE ATT&CK Techniques  | T1218.007                                                                                                    | 39      |
MITRE ATT&CK Techniques  | T1218                                                                                                        | 121     |
MITRE ATT&CK Techniques  | T1218.008                                                                                                    | 2       |
MITRE ATT&CK Techniques  | T1218.011                                                                                                    | 119     |
MITRE ATT&CK Techniques  | T1091                                                                                                        | 55      |
Url                      | https://www.ivuoq6si2a.com                                                                                   | 1       |
Url                      | https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/t1218.007/src/t1218.007_jscript.msi        | 1       |
Url                      | https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/t1218.011/src/t1218.011.sct").exec | 1       |
Windows Registry Key     | HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBC.INI\ODBC                                                               | 1       |