Raspberry Robin: Anti-Evasion How-To & Exploit Analysis - Check Point Research
Tags
attack-pattern: Data Model Exploits - T1587.004 Exploits - T1588.005 Firmware - T1592.003 Hardware - T1592.001 Hooking - T1617 Installutil - T1218.004 Kernelcallbacktable - T1574.013 Malware - T1587.001 Malware - T1588.001 Msiexec - T1218.007 Odbcconf - T1218.008 Regsvr32 - T1218.010 Rundll32 - T1218.011 Software - T1592.002 System Checks - T1633.001 System Checks - T1497.001 Trap - T1546.005 Tool - T1588.002 Hooking - T1179 Hypervisor - T1062 Installutil - T1118 Regsvr32 - T1117 Rundll32 - T1085 Trap - T1154 Hooking
Show in Graph
Common Information
Type Value
UUID c14d2fb0-b9e1-4bc0-b4dc-94b8ca8f6763
Fingerprint a2109d1025318603
Analysis status DONE
Considered CTI value 1
Text language
Published April 18, 2023, 5:16 p.m.
Added to db May 25, 2023, 4:17 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Raspberry Robin: Anti-Evasion How-To & Exploit Analysis
Title Raspberry Robin: Anti-Evasion How-To & Exploit Analysis - Check Point Research
Detected Hints/Tags/Attributes 97/1/26
Source URLs
Redirection Url
Details Source https://research.checkpoint.com/2023/raspberry-robin-anti-evasion-how-to-exploit-analysis/
URL Provider
Details Provider Source level domain
Details checkpoint.com research.checkpoint.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 204 Check Point Research https://research.checkpoint.com/feed 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 11 
cve-2020-1054
Details CVE 45 
cve-2021-1732
Details Domain 1 
buff.data
Details Domain 3 
win32ax.inc
Details File 269 
msiexec.exe
Details File 8 
kdcom.dll
Details File 1018 
rundll32.exe
Details File 748 
kernel32.dll
Details File 533 
ntdll.dll
Details File 1 
buff.dat
Details File 2 
'win32ax.inc
Details File 459 
regsvr32.exe
Details File 172 
dllhost.exe
Details File 22 
odbcconf.exe
Details File 103 
regasm.exe
Details File 72 
regsvcs.exe
Details File 83 
installutil.exe
Details File 1260 
explorer.exe
Details File 185 
shell32.dll
Details File 86 
winver.exe
Details IPv6 1 
0000:0000:0000:0000:0000:0000:0000:0000
Details Microsoft Patch Numbers 4 
KB4601319
Details Windows Registry Key 1 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Media\Active
Details Windows Registry Key 44 
HKLM\SOFTWARE\Policies\Microsoft\Windows
Details Windows Registry Key 8 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion
Details Windows Registry Key 1 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser