Raspberry Robin (Deprecated) (dc0dbd15-0916-43c7-a3b9-6dc3ce0771be)

We are no longer maintaining this object in favor of a similar object subsequently published by MITRE: "Raspberry Robin" (Software). All relevant Tidal content extensions (e.g. additional Technique and Object relationships and metadata) have been added to the MITRE-authored object.

A highly active worm that spreads through removable media devices and abuses built-in Windows utilities after initial infection of the host. Raspberry Robin has evolved into a major malware delivery threat, with links to infections involving Cobalt Strike, SocGholish, Truebot, and ultimately ransomware.[Microsoft Security Raspberry Robin October 2022]

Delivers: Cobalt Strike[Microsoft Security Raspberry Robin October 2022], SocGholish[Microsoft Security Raspberry Robin October 2022], Truebot[Microsoft Security Raspberry Robin October 2022][U.S. CISA Increased Truebot Activity July 6 2023]

Malpedia (Research): https://malpedia.caad.fkie.fraunhofer.de/details/win.raspberry_robin

Malware Bazaar (Samples & IOCs): https://bazaar.abuse.ch/browse/tag/raspberryrobin/

PulseDive (IOCs): https://pulsedive.com/threat/Raspberry%20Robin

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Raspberry Robin (Deprecated) (dc0dbd15-0916-43c7-a3b9-6dc3ce0771be) | Tidal Software | FIN11 (ecdbd431-d62b-4b30-8663-b1ecb4304ec0) | Tidal Groups | 1 |