2024-11-14 - Raspberry Robin infection using WebDAV server
2024-11-14 (THURSDAY): RASPBERRY ROBIN INFECTION USING WEBDAV SERVERNOTES:Zip files are passw 2024-11-15 10:32:0 Author: www.malware-traffic-analysis.net(查看原文) 阅读量:1 收藏
2024-11-14 (THURSDAY): RASPBERRY ROBIN INFECTION USING WEBDAV SERVERNOTES:Zip files are passw 2024-11-15 10:32:0 Author: www.malware-traffic-analysis.net(查看原文) 阅读量:1 收藏
2024-11-14 (THURSDAY): RASPBERRY ROBIN INFECTION USING WEBDAV SERVER
NOTES:
- Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website.
REFERENCES:
- https://www.linkedin.com/posts/unit42_raspberryrobin-activity-7262916467707265024-5p8f/
- https://x.com/Unit42_Intel/status/1857150852114649216
ASSOCIATED FILES:
- 2024-11-14-Raspberry-Robin-infection-initial-traffic.saz.zip 6.7 MB (6,729,910 bytes)
- 2024-11-14-Raspberry-Robin-infection-traffic.pcap.zip 72.4 MB (72,370,728 bytes)
- 2024-11-14-Raspberry-Robin-malware-samples.zip 6.7 MB (6,704,397 bytes)
IMAGES
Shown above: Initial zip archive and extracted HTA file.
Shown above: Traffic from Fiddler capture showing example of script retrieved by the HTA file to retrieve and run the Raspberry Robin DLL from the WebDAV server.
Shown above: Raspberry Robin DLL from the WebDAV server.
Shown above: Traffic from an infection filtered in Wireshark.
Click here to return to the main page.
文章来源: https://www.malware-traffic-analysis.net/2024/11/14/index.html
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh