ioc[.]one - OSINT Cyber Threat Intelligence Database

Raspberry Robin Detected ITW Targeting Insurance & Financial Institutes In Europe

Tags

country:	British Indian Ocean Territory Spain Portugal
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Botnet - T1583.005 Botnet - T1584.005 Malicious File - T1204.002 Malicious Link - T1204.001 Malware - T1587.001 Malware - T1588.001 Msiexec - T1218.007 Regsvr32 - T1218.010 Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Software - T1592.002 Regsvr32 - T1117 Rundll32 - T1085

Show in Graph

Common Information

Type	Value
UUID	d53cd1c9-6828-4ad7-831d-be46bfc9e7ab
Fingerprint	f64309492cf48489
Analysis status	DONE
Considered CTI value	2
Text language
Published	Jan. 2, 2023, 8 a.m.
Added to db	Nov. 9, 2023, 12:57 a.m.
Last updated	Nov. 17, 2024, 6:54 p.m.
Headline	Raspberry Robin Detected ITW Targeting Insurance & Financial Institutes In Europe
Title	Raspberry Robin Detected ITW Targeting Insurance & Financial Institutes In Europe
Detected Hints/Tags/Attributes	75/3/24

Source URLs

	Redirection	Url
Details	Source	https://www.securityjoes.com/post/raspberry-robin-detected-itw-targeting-insurance-financial-institutes-in-europe

URL Provider

Details	Provider	Source level domain
Details	securityjoes.com	www.securityjoes.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	371	✔	Security Joes	https://www.securityjoes.com/blog-feed.xml	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	2	eu.adbison-redirect.com
Details	Domain	112	cdn.discordapp.com
Details	File	1	zhddmeb.dll
Details	File	1	gikfjit.dll
Details	File	12	c:\windows\syswow64\regsvr32.exe
Details	File	18	c:\windows\syswow64\rundll32.exe
Details	File	1018	rundll32.exe
Details	File	45	1.zip
Details	File	127	c:\windows\system32\rundll32.exe
Details	File	269	msiexec.exe
Details	File	3	unpacked.bin
Details	sha256	1	9c9426776b62a4461b7a9237a971fb3c5fc3222acd303506a763aa1d314a1573
Details	sha256	1	b11805162d3ae3d3c6635c240d004d1fe942a9cde25fb701c92a8e135d37d100
Details	sha256	1	ac7d57c011c1bf1b3158a64d4c91e1d5c54e8d05cdeb9d1fadcbb0c4d5103428
Details	sha256	1	21122891977d9296eea86a8a292b2ba7677766a2085566a6e93ecf60f0ac6ee5
Details	sha256	1	fafe11f23567080fb14cfd3b51cb440b9c097804569402d720fd32dd66059830
Details	sha256	1	d0a880123eb8671bc04dcf5f79e086e6a0338fbcd40a84af8ac59a7d7a323601
Details	IPv4	1	85.56.236.45
Details	IPv4	1	135.148.169.133
Details	Url	1	https://eu.adbison-redirect.com/click?payload=eyjzzxnzaw9ux3v1awqioii0mgzizge0ns02
Details	Url	1	https://cdn.discordapp.com/attachments/.../file_part.1.zip
Details	Url	1	http://85.56.236.45:8080
Details	Url	1	https://eu.adbison-redirect.com/click?payload=[json_base64]
Details	Url	1	https://cdn.discordapp.com/attachments/[random_numeric]/[random_numeric_2]/file_part.1.zip