NOTES:
REFERENCES:
ASSOCIATED FILES:
Shown above: Initial zip archive and extracted HTA file.
Shown above: Traffic from a Fiddler capture showing an example of the script that the HTA file retrieves, which in turn retrieves and runs the Raspberry Robin DLL from the WebDAV server.
Shown above: Raspberry Robin DLL from the WebDAV server.
Shown above: Traffic from an infection filtered in Wireshark.