Good day everyone! The ReliaQuest Threat Research team recently provided a wrap-up of the most commonly used loaders, with the top 80% comprising only three different malware families! These big three are #QBot, #SocGholish, and #RaspberryRobin. THEN, they not only provided the data sheet to provide to your management or C-suite, they broke them down even further to include technical details as well! Thank you to the Threat Research team for such a great report, I hope you enjoy it as much as I did, and Happy Hunting!
The 3 Malware Loaders Behind 80% of Incidents
https://www.reliaquest.com/blog/the-3-malware-loaders-behind-80-of-incidents/
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
#qbot #SocGholish #RaspberryRobin #cybersecurity #itsecurity #infosec #blueteam #threatintel #threathunting #ThreatDetection #happyhunting #readoftheday
#RaspberryRobin #Malware Adopts Unique Evasion Techniques #cybersecurity https://www.infosecurity-magazine.com/news/raspberry-robin-adopts-unique/
#cybersecurity #malware #RaspberryRobin
I've read and analysed last week's infosec news, so you don't have to - get up to speed on the latest in hacks, malware, tradecraft and more with this week's newsletter:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-d72?sd=pf
A vulnerability in the widely-used, open-source JsonWebToken package has highlighted the continued reliance on vendors for supply chain security.
It's not just APTs - cyber crims are eyeing off kernel space, with #ScatteredSpider/#UNC3944 abusing the #BYOVD technique in an attempt to load their malicious driver into kernel space and subvert EDR controls.
We take a look at research into #RaspberryRobin infrastructure - it's multi-tiered, growing, and highly flexible...but also vulnerable to takeover. Will this be the next #Andromeda, still spreading and hijacked by a 3rd party in 10 years' time?
#Fortinet warns an unknown, stealth-conscious actor with a "deep understanding of #FortiOS" has been seen exploiting the month-old FortiOS vulnerability (CVE-2022-42475) to drop additional malware & subvert logging.
There's a tonne more interesting reporting and tradecraft that I can't get to in this post, but you can find them in the newsletter - check it out, and subscribe to get the latest issues straight to your inbox, and support my work!
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-d72?sd=pf
#infosec #CyberAttack #Hacked #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #redteam #soc
#scatteredspider #byovd #RaspberryRobin #andromeda #fortinet #fortios #infosec #cyberattack #hacked #cyber #news #cybernews #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #redteam #soc
A new analysis reveals that #RaspberryRobin's attack infrastructure can be repurposed by other threat actors for their own malicious activities, making it an even greater threat to watch out for.
https://thehackernews.com/2023/01/new-analysis-reveals-raspberry-robin.html
#Tech #CyberAttack #Hacking #CyberSecurity #InfoSec #RaspberryRobin
New Analysis Reveals #RaspberryRobin Can be Repurposed by Other Threat Actors #cybersecurity https://thehackernews.com/2023/01/new-analysis-reveals-raspberry-robin.html @thehackernews
#cybersecurity #RaspberryRobin
#RaspberryRobin 🪱 (REF: https://blog.sekoia.io/raspberry-robins-botnet-second-life/)
'Clean' C2 domains:
/a7k.ro
/a5az.com
/v4a3.com
/4w.pm
/hlv1.com
/ubv5.com
/c43p.com
/2ipn.com
'Clean' compromised QNAP:
151.83.67.5
84.97.18.146
88.130.94.229
188.10.57.97
'New' exploited QNAP:
61.93.39.13
94.14.45.160
Catch up on last week's infosec news with our latest newsletter: https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-538
#RaspberryRobin continues to improve its evasion mechanisms, extracting more data from victims in the Financial sector.
#Dridex developers look to be dabbling in creating a Mac variant - but aren't quite there yet.
#HTMLSmuggling has been used increasingly over the past few months by heavy-hitting first-stage malware such as Qakbot, IcedID and BumbleBee - make sure you understand how it works and how to spot it.
#infosec #CyberAttack #Hacked #cyber #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities
#RaspberryRobin #dridex #htmlsmuggling #infosec #cyberattack #hacked #cyber #cybernews #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities
#RaspberryRobin worm is targeting financial and insurance sectors in Europe, and has evolved its post-exploitation capabilities to resist analysis and collect more data from infected computers.
https://thehackernews.com/2023/01/raspberry-robin-worm-evolves-to-attack.html
#Malware #Hacking #Technology #InfoSec #RaspberryRobin
How #telecoms aren't blocking #Tor and controlling USB devices is beyond me. However, that is how a worm is spreading in Latin America and Europe right now. #RaspberryRobin
#telecoms #tor #RaspberryRobin
#RaspberryRobin worm has been attacking telecommunications and government systems across Latin America, Australia, and Europe.
https://thehackernews.com/2022/12/raspberry-robin-worm-strikes-again.html
#infosec #hacking #cyberattack #malware #technology #cybersecurity
#CyberSecurity #Technology #Malware #CyberAttack #Hacking #InfoSec #RaspberryRobin
#RaspberryRobin worm drops fake #malware to confuse researchers #cybersecurity https://www.bleepingcomputer.com/news/security/raspberry-robin-worm-drops-fake-malware-to-confuse-researchers/ @BleepingComputer @billtoulas
#cybersecurity #malware #RaspberryRobin
I've published a blog post examining the malware distribution behaviours in Microsoft's recent reporting of Raspberry Robin. The post intends to help analysts make sense of the loader landscape.
https://arb0ur.substack.com/p/examining-malware-distribution-behaviours
#loader #RaspberryRobin #evilcorp #WizardSpider
Breaking the silence - Recent Truebot activity - Since August 2022, we have seen an increase in infections of Truebot (aka Silence.... https://blog.talosintelligence.com/breaking-the-silence-recent-truebot-activity/ #cve-2022-31199 #raspberryrobin #truebot #botnet #grace #ta505
#ta505 #grace #botnet #truebot #RaspberryRobin #cve
#RaspberryRobin #worm part of larger ecosystem facilitating pre-ransomware activity
https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/
Microsoft: the Raspberry Robin worm has already infected hundreds of networks - Matrice Digitale #malware #Microsoft #raspberryrobin #reti #8luglio https://parliamodi.news/article/aHR0cHM6Ly93d3cubWF0cmljZWRpZ2l0YWxlLml0L3RlY2gvbWljcm9zb2Z0LWlsLXdvcm0tcmFzcGJlcnJ5LXJvYmluLWhhLWdpYS1pbmZldHRhdG8tY2VudGluYWlhLWRpLXJldGkv
#8luglio #Reti #RaspberryRobin #microsoft #malware
📬 Lesetipps (reading tips): Never give your phone to a stranger!
#Lesetipps #AndreasHeller #AndrewMagill #Enclave #ImmanuelBär #RaspberryRobin #ShouZiChew #TimSchuhgart https://tarnkappe.info/lesetipps/lesetipps-gib-dein-handy-niemals-einem-fremden-243884.html
#TimSchuhgart #shouzichew #RaspberryRobin #ImmanuelBär #enclave #AndrewMagill #AndreasHeller #lesetipps
#01net #sécurité "This computer worm spreads the old-fashioned way, via a USB stick" #Ver #Virus #Informatique #NAS #RaspberryRobin ... https://www.01net.com/actualites/ce-ver-informatique-se-propage-a-l-ancienne-grace-a-une-cle-usb-2056172.html
#01net #sécurité #ver #virus #informatique #nas #RaspberryRobin