[MART] - Daily Diary #618 - Raspberry Robin Provides Initial Access

ctas-mat at appgate.com
Fri Oct 28 01:07:01 UTC 2022


I hope everyone is doing well!

Below is the entry for today.

10/27/2022 - Diary entry #618:

Raspberry Robin is a worm malware that was first spotted in September 2021 targeting organizations in the technology and manufacturing industries. It targets Microsoft Windows systems and it usually propagates via removable USB devices to gain initial access.

In July this year, Evil Corp pre-ransomware behavior was detected on Raspberry Robin-infected devices. Evil Corp is a cybercrime group active since 2007 and known for delivering the Dridex malware and for switching to ransomware.

Later, from September until early this month, Raspberry Robin was observed dropping second-stage payloads such as IcedID, Bumblebee, Truebot, and the Clop ransomware onto compromised devices.

Finally, today it was revealed that Raspberry Robin has spread to almost 3,000 devices belonging to nearly 1,000 organizations in the last 30 days. This means that the malware is continuously evolving, and with such an infection rate, we expect more attacks carried out by multiple attackers to hit organizations.

Kind Regards,




Malware Analysis and Research Team

E: ctas-mat at appgate.com
