threat actor campaign

Raspberry Robin

Raspberry Robin is a malware family that continues to be manipulated by several different threat groups for their purposes. These threat actors (Clop, LockBit, and Evil Corp) specialize in establishing persistence on a compromised host and creating remote connections to use later. Once established, these C2 connections can be used for multiple purposes, including data exfiltration, espionage, and even further exploitation.


Time: 5 h 30 m

Experience Level: Intermediate. Designed for learners with a solid grasp of foundational IT and cybersecurity concepts who are interested in pursuing an entry-level security role.

XP: 3020

CEUs: 5. Earn qualifying credits for certification renewal with completion certificates provided for submission.

Enrollees: 288

Campaign Outline

Threat Actor Campaigns comprise multiple MITRE ATT&CK-aligned courses.

Overview

Raspberry Robin is a malware family that continues to be manipulated by several different threat groups for their purposes. These threat actors (Clop, LockBit, and Evil Corp) specialize in establishing persistence on a compromised host and creating remote connections for data exfiltration, espionage, and even further exploitation.

Overview

In this hands-on lab, students will learn the basics of how an adversary can use removable media devices to gain unauthorized access to a host.

Overview

In this course, you will learn how a malicious user can obfuscate some of their payload actions through downloaded DLL files by utilizing the built-in rundll32.exe. By using rundll32, an attacker can make their activity look like a normal Windows system binary process being executed under rundll32.

Overview

In this hands-on lab, you will learn how a malicious user can obfuscate some of their payload actions through downloaded DLL files using the built-in rundll32.exe. Using rundll32, an attacker can make their activity look like a normal Windows system binary process being executed under rundll32.

Overview

In this hands-on lab, you will learn how the native PowerShell scripting language for Windows can be abused to allow an attacker to execute remote commands, establish persistence, and create autorun files to carry out an attack.

Overview

In this hands-on lab, you will practice simulating a command-and-control (C2) beacon and detecting the resulting activity using a SIEM.