Raspberry Robin

If this worm hits your network, it opens a gateway to the largest malware distribution platform currently active. We’ll show you how to keep Raspberry Robin from using FakeUpdates to get in, keeping Evil Corp, and more, out in the cold where they belong.

Actors
Clop, LockBit, Evil Corp

Campaign Outline

Threat Actor Campaigns comprise multiple MITRE ATT&CK-aligned courses. Click on a course below to learn more.

Overview

In this course, students will learn the basics of how an adversary can use removable media devices not only to gain unauthorized access to a host, but also to enable autorun scripts that download additional infrastructure and payloads to a victim host.

Overview

In the course, you will learn how a malicious user can obfuscate some of their payload actions through downloaded DLL files by utilizing the built-in rundll32.exe. By using rundll32, an attacker can make their activity look like a normal Windows system binary process being executed under rundll32.

Overview

In the course, you will learn how a malicious user can obfuscate some of their payload actions through downloaded DLL files using the built-in rundll32.exe. Using rundll32, an attacker can make their activity look like a normal Windows system binary process being executed under rundll32.

Overview

In this course, you will learn how the native CMD scripting language for Windows can be abused to allow an attacker to execute remote commands, establish persistence and create autorun files to carry out an attack within the Raspberry Robin attack cycle.

Overview

In this course, students will learn how C2 connections are established and used by attackers in a real-world demonstration to give learners a sense of how to detect malicious HTTP traffic. This is the last course in the Raspberry Robin Attack series.