Raspberry Robin and Dridex: Two Birds of a Feather

Raspberry Robin, also known as the QNAP worm, is typically delivered by a USB device that contains a malicious Microsoft shortcut (.LNK) file. Once the user clicks on the .LNK file, it spawns a malicious command referencing msiexec.exe, a legitimate Windows system utility, to download and execute an MSI installer from a command and control (C2) domain.

MALWARE FAMILIES: Dridex, Raspberry Robin

ATT&CK IDS: T1056 - Input Capture, T1140 - Deobfuscate/Decode Files or Information, T1199 - Trusted Relationship, T1106 - Native API, T1218 - Signed Binary Proxy Execution, T1547 - Boot or Logon Autostart Execution, T1027 - Obfuscated Files or Information, TA0011 - Command and Control

