Raspberry Robin’s Roshtyak: A Little Lesson in Trickery - Avast Threat Labs
Tags
cmtmf-attack-pattern: Code Injection
attack-pattern: Data Indirect Code Injection - T1540 Exploits - T1587.004 Exploits - T1588.005 Firmware - T1592.003 Hardware - T1592.001 Hooking - T1617 Kernelcallbacktable - T1574.013 Malware - T1587.001 Malware - T1588.001 Regsvr32 - T1218.010 Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Software - T1592.002 Trap - T1546.005 Tool - T1588.002 Vulnerabilities - T1588.006 Hooking - T1179 Hypervisor - T1062 Regsvr32 - T1117 Rundll32 - T1085 Trap - T1154 Hooking
Show in Graph
Common Information
Type Value
UUID 808493a4-07a3-438e-b064-cbd0baf38fab
Fingerprint 3e3b95512d279399
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 22, 2022, 10:48 a.m.
Added to db Jan. 18, 2023, 7:47 p.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline Raspberry Robin’s Roshtyak: A Little Lesson in Trickery
Title Raspberry Robin’s Roshtyak: A Little Lesson in Trickery - Avast Threat Labs
Detected Hints/Tags/Attributes 114/2/37
Source URLs
Redirection Url
Details Source http://decoded.avast.io/janvojtesek/raspberry-robins-roshtyak-a-little-lesson-in-trickery/
Details Source https://decoded.avast.io/janvojtesek/raspberry-robins-roshtyak-a-little-lesson-in-trickery/
Details Source https://decoded.avast.io/janvojtesek/raspberry-robins-roshtyak-a-little-lesson-in-trickery/?utm_source=rss&utm_medium=rss&utm_campaign=raspberry-robins-roshtyak-a-little-lesson-in-trickery
URL Provider
Details Provider Source level domain
Details avast.io decoded.avast.io
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 100 Avast Threat Labs https://decoded.avast.io/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 11 
cve-2020-1054
Details CVE 45 
cve-2021-1732
Details Domain 8 
download.sysinternals.com
Details Domain 1 
pstools.zip
Details Domain 4127 
github.com
Details File 459 
regsvr32.exe
Details File 748 
kernel32.dll
Details File 1018 
rundll32.exe
Details File 185 
shell32.dll
Details File 119 
avp.exe
Details File 3 
atcuf32.dll
Details File 4 
aswhook.dll
Details File 1260 
explorer.exe
Details File 62 
fodhelper.exe
Details File 34 
eventvwr.exe
Details File 18 
compmgmtlauncher.exe
Details File 27 
computerdefaults.exe
Details File 12 
sdclt.exe
Details File 2 
launcher.sys
Details File 13 
slui.exe
Details File 86 
winver.exe
Details File 8 
download.sys
Details File 1 
pstools.zip
Details File 1 
c:\windows\iexpress.exe
Details File 14 
activeds.dll
Details File 1 
kuser_shared_data.sys
Details File 44 
javaw.exe
Details File 172 
dllhost.exe
Details Github username 12 
avast
Details Microsoft Patch Numbers 4 
KB4601319
Details Deprecated Microsoft Threat Actor Naming Taxonomy (Groups in development) 16 
DEV-0243
Details Url 1 
https://download.sysinternals.com/files/pstools.zip
Details Url 1 
https://github.com/avast/ioc/tree/master/raspberryrobin.
Details Windows Registry Key 3 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Details Windows Registry Key 1 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Details Windows Registry Key 9 
HKCU\Software\Classes\ms-settings\shell\open\command
Details Windows Registry Key 2 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component