Check Point Researchers Report New Raspberry Robin Use of 1-Day LPE Exploits

New report details intelligence and technical analysis of the threat actor known as Raspberry Robin, known for its active distribution of crafted malware.

Context

Security researchers from Check Point have released a public report, Raspberry Robin Keeps Riding the Wave of Endless 1-Days, detailing new intelligence and technical analysis of the threat actor known as Raspberry Robin.

Key findings from the report include Raspberry Robin's use of two new 1-day Local Privilege Escalation (LPE) exploits before their public disclosure, most notably an exploit for CVE-2023-36802. This indicates either access to an exploit seller or rapid in-house exploit development by Raspberry Robin itself.

Raspberry Robin is known for its active distribution of crafted malware, continually updated features, and its role as an initial access broker for other malware deployments by various criminal groups, including the threat actors known as EvilCorp and TA505.

RH-ISAC Members are encouraged to review the Check Point report and to ingest the Indicators of Compromise (IOCs) below into their relevant security systems where applicable.

Community Threat Assessment

Based on the available public reporting on the newest iteration of Raspberry Robin malware, the RH-ISAC Intelligence Team assesses that Raspberry Robin presents a medium to low threat to organizations in the retail and hospitality sector. RH-ISAC recommends that RH-ISAC Core Members review the intelligence included in this report, including the IOCs below, and, overall, implement a robust and proactive security program to counter potential threats from Raspberry Robin.

IOCs

The following IOCs (file hashes, Tor onion addresses and download URLs) are collected from the Check Point report above for your convenience; members are encouraged to ingest them into their relevant security systems:

