Context
Security researchers from Check Point have released a public report, "Raspberry Robin Keeps Riding the Wave of Endless 1-Days," detailing new intelligence and technical analysis of the threat actor known as Raspberry Robin.
Key findings from the report include Raspberry Robin's use of two new 1-day Local Privilege Escalation (LPE) exploits before public disclosure, most notably CVE-2023-36802, indicating access to an exploit seller or rapid development by Raspberry Robin itself.
Raspberry Robin is known for its active distribution of crafted malware, continually updated features, and its role as an initial access broker for other malware deployments by various criminal groups, including the threat actors known as EvilCorp and TA505.
RH-ISAC Members are encouraged to review the Check Point report and to ingest the Indicators of Compromise (IOCs) below into their relevant security systems where applicable.
Community Threat Assessment
Based on the available public reporting on the newest iteration of Raspberry Robin malware, the RH-ISAC Intelligence Team assesses that Raspberry Robin presents a medium to low threat for organizations in the retail and hospitality sector. RH-ISAC recommends that RH-ISAC Core Members review the intelligence in this report, including the IOCs below, and, overall, implement a robust and proactive security system to counter potential threats from Raspberry Robin.
IOCs
The following IOCs are collected from the report covered above for members' convenience; members are encouraged to ingest them into their relevant security systems:
URLs
hxxps://cdn[.]discordapp[.]com/attachments/1162077513514754089/1162934432156631091/Chapter-File1[.]rar
hxxps://cdn[.]discordapp[.]com/attachments/1161358666172203019/1161672256091607130/File.Part_1[.]rar
hxxps://cdn[.]discordapp[.]com/attachments/1162077513514754089/1162608133387075706/Part_File-1[.]rar
hxxps://cdn[.]discordapp[.]com/attachments/1163001512285446147/1163850004423786669/Part.File1[.]rar