Unraveling Raspberry Robin's Layers: Analyzing Obfuscation Techniques and Core Mechanisms
Common Information
Type Value
UUID c655a05e-a75a-4c32-9b89-b0dd31f0d33a
Fingerprint 3bd179516db08f09
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 19, 2024, midnight
Added to db Nov. 19, 2024, 6:53 p.m.
Last updated Nov. 20, 2024, 9:29 p.m.
Headline Unraveling Raspberry Robin's Layers: Analyzing Obfuscation Techniques and Core Mechanisms
Title Unraveling Raspberry Robin's Layers: Analyzing Obfuscation Techniques and Core Mechanisms
Detected Hints/Tags/Attributes 108/3/52
RSS Feed
Id   Enabled   Feed title                               Url                                                     Added to db
406            Security Research | Blog Category Feed   https://www.zscaler.com/blogs/feeds/security-research   2024-08-30 22:08
Attributes
Type                   #Events   Value
CVE                    7         cve-2024-26229
CVE                    3         cve-2021-31969
Domain                 1         2pxsdtxngssu3vqqujdfgu4bsmlkp3d2ytctawznlhhez6tq57wzpzqd.onion
Domain                 3         3bh22ezbxub3dopbqja7jjymdussvwgl3eu4xzlsdyagtnhzxy3tr3id.onion
Domain                 3         3zs4zdszo3lesutdbuenzvlspuh6wljj6eyntv73dxxig3bk2wcskrad.onion
Domain                 3         4jtsmu3u4yrbehjf4rzfwsswhpc7ohs4nrfnlfu3xebteeaf4uv3okyd.onion
Domain                 3         4rnzfvzybry65auecpi3n67c6ynuunvs77qpk45svyhhsj6oisibk3qd.onion
Domain                 3         5bqxmurmtkqlzis65uu22aspcuhivb6vpzpcpma5wfl5ngz2ha6oxzqd.onion
Domain                 3         64iahnunyhf6ph6qvakjp22a3j6wlvl4sdmbh6elwri6up5gpnm7xkyd.onion
Domain                 3         6agzykvu3rjnwpdnky777ffxb5dj4fiemftho4tsoeakp2xa542pj7id.onion
Domain                 3         6kykjg6h7sjqru5puc57mb2nhd2bwhtewdswnsg4rlr3rw6t4iqrpgyd.onion
Domain                 3         6praos6qyi3b5kcurfqe4kyh5ihu4k3z6mjbggkixnfyhbpomy5szoad.onion
Domain                 3         6s75xlg3auzdnccos4re4hrmcxyg6fivxsqm3cldv2gowl2engljtqyd.onion
File                   3         cbsmsg.dll
File                   464       regsvr32.exe
File                   175       dllhost.exe
File                   37        hh.exe
File                   273       msiexec.exe
File                   106       regasm.exe
File                   1265      explorer.exe
File                   122       avp.exe
File                   4         efsui.exe
File                   14        iexpress.exe
File                   3         network_info_list.txt
File                   58        control.exe
File                   4         runlegacycplelevated.exe
File                   17        advpack.dll
File                   15        cleanmgr.exe
File                   1025      rundll32.exe
File                   3         random_generated_string.chm
File                   7         aswhook.dll
sha256                 1         0632a600bd59a0fab86fd199a041b1d159162ae1d8d7ad62150270257bd9bc8b
sha256                 1         852ce7c57c68243a1189db61e750056041bed3802f2c48dcee4cfc189b4e4949
sha256                 1         5b8043e178373d4b732c6bf1013173b9f9a1f30269996392da367547d6a4a70f
IPv4                   49        127.0.0.0
IPv4                   136       10.0.0.0
IPv4                   30        224.0.0.0
IPv4                   16        240.0.0.0
IPv4                   84        172.16.0.0
IPv4                   128       192.168.0.0
Url                    1         https://2pxsdtxngssu3vqqujdfgu4bsmlkp3d2ytctawznlhhez6tq57wzpzqd.onion:55314
Url                    1         https://3bh22ezbxub3dopbqja7jjymdussvwgl3eu4xzlsdyagtnhzxy3tr3id.onion:3367
Url                    1         https://3zs4zdszo3lesutdbuenzvlspuh6wljj6eyntv73dxxig3bk2wcskrad.onion:15842
Url                    1         https://4jtsmu3u4yrbehjf4rzfwsswhpc7ohs4nrfnlfu3xebteeaf4uv3okyd.onion:37151
Url                    1         https://4rnzfvzybry65auecpi3n67c6ynuunvs77qpk45svyhhsj6oisibk3qd.onion:39567
Url                    1         https://5bqxmurmtkqlzis65uu22aspcuhivb6vpzpcpma5wfl5ngz2ha6oxzqd.onion:18231
Url                    1         https://64iahnunyhf6ph6qvakjp22a3j6wlvl4sdmbh6elwri6up5gpnm7xkyd.onion:33960
Url                    1         https://6agzykvu3rjnwpdnky777ffxb5dj4fiemftho4tsoeakp2xa542pj7id.onion:34024
Url                    1         https://6kykjg6h7sjqru5puc57mb2nhd2bwhtewdswnsg4rlr3rw6t4iqrpgyd.onion:13392
Url                    1         https://6praos6qyi3b5kcurfqe4kyh5ihu4k3z6mjbggkixnfyhbpomy5szoad.onion:4123
Url                    1         https://6s75xlg3auzdnccos4re4hrmcxyg6fivxsqm3cldv2gowl2engljtqyd.onion:58212
Windows Registry Key   9         HKEY_CURRENT_USER\Software\Classes