Raspberry Robin and Dridex: Two Birds of a Feather

Raspberry Robin, also known as the QNAP worm, is typically delivered by a USB device, which contains a malicious Microsoft shortcut (.LNK) file. Once the user clicks on the .LNK file, it spawns a malicious command referencing msiexec.exe, a legitimate Windows system utility, to download and execute an MSI installer from a command and control (C2) domain

REFERENCE: https://securityintelligence.com/posts/raspberry-robin-worm-dridex-malware/

TAGS: Dridex, MSI, LNK, Malware, Loaders, Raspberry Robin

INDUSTRIES: Transportation, Manufacturing, Oil And Gas

MALWARE FAMILIES: Dridex, Raspberry Robin

ATT&CK IDS: T1056 - Input Capture, T1140 - Deobfuscate/Decode Files or Information, T1199 - Trusted Relationship, T1106 - Native API, T1218 - Signed Binary Proxy Execution, T1547 - Boot or Logon Autostart Execution, T1027 - Obfuscated Files or Information, TA0011 - Command and Control

Read More:

https://otx.alienvault.com/pulse/63175df66b20cd806e97cd51