Raspberry Robin
· Published 21/12/2025 03:36 · Modified 21/12/2025 03:36
· Source: AlienVault
Essential information
- Confidence
- 100/100
- Published
- 21/12/2025 03:36
- Modified
- 21/12/2025 03:36
- Updated at
- 21/12/2025 03:36
- Revoked
- No
- Author / Source
- AlienVault
- Resource level
- —
- Primary motivation
- —
- Related entities
- 2 reports, 37 attack patterns (mitre), 14 malware, 130 indicators, 1 vulnerabilities (cve)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (2)
-
1 CVE 2 Malwares 121 Observables 1 APT
-
1 CVE 15 MITREs 2 Malwares 121 Observables 1 APT
Attack patterns (MITRE) (37)
-
T1059.003 usesWindows Command Shell MITRE
-
T1543 usesCreate or Modify System Process MITRE
-
T1102 usesWeb Service MITRE
-
T1027.005 usesIndicator Removal from Tools MITRE
-
T1059 usesCommand and Scripting Interpreter MITRE
-
T1027 usesObfuscated Files or Information MITRE
-
T1553.002 usesCode Signing MITRE
-
T1055 usesProcess Injection MITRE
-
T1012 usesQuery Registry MITRE
-
T1553 usesSubvert Trust Controls MITRE
-
T1564.003 usesHidden Window MITRE
-
T1574 usesHijack Execution Flow MITRE
Malware (14)
-
Raspberry Robin usesFamily
-
Arkei Stealer uses
-
Mars uses
-
DarkComet - S0334 usesFamily
-
StealC usesFamily
-
Vidar usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Azorult - S0344 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
QakBot - S0650 usesFamily
-
QakBot usesFamily
-
DarkKomet usesFamily
-
LOBSHOT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Pony - S0453 usesFamily
Indicators (130)
-
werbjkqsmcugdcbdn5yvriyy6q4m2qfk3mg7cf6sujzandkwlsnlucid.onionindicates -
http://ne2vesxuik5dkz4vynmfped6rjfsjehmkajhkcpcjr5m3c3hc5bx5oad.onion:27842indicates -
tfjhxbhmr3vrmjrhc543npj4nk64jksodoclyjuqfn5aflmi44f657id.onionindicates -
http://qtnf675tghndtnnrosx2lsrvktbq7iw3noetckags2fb2ci7cujzxfyd.onion:20325indicates -
sgk5c76pgs7a3qfhzvmey2ecnunsfdbykgjxvunnbpnn3ixlu7a5eqyd.onionindicates -
iz3iltwsdsaiqptqxba52bvwouzwoi56fw7vqbiw3znjo2jmifxmiuqd.onionindicates -
6g6z6zsz7xc2ywqunbzzc4u2uv7yakc5aiaqbojbajmfioj3dfkzbnqd.onionindicates -
http://g7w5uxhxw5mp5jmshvevd273qvkph2if5xnvrjemthe6ok5q5dtek4ad.onion:58387indicates -
http://ysbbw6ghpxos5jzcmdjydrrl3clqdvwfygejrktre4bixr3zo63vk7yd.onion:9080indicates -
stix 100/100 Revoked· Valid until 12/07/2025 · Source: AlienVault
-
5lqerrumqsknnphthjiwg45uas7xcer65am4vs7z4zheshmx6hxyh2yd.onionindicates -
s54ui6ju3aa5w3anmo3lgwn53hm7us3lj5venw3eqyogoel6e6uv7fad.onionindicates
Vulnerabilities (CVE) (1)
CVE-2024-38196
targets
7.8
High
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- Attack vector
- LOCAL
- Published
- 13/08/2024
- Modified
- 21/12/2025