Intel Name: Potential raspberry robin cpl execution activity
Date of Scan: December 30, 2024
Impact: High
Summary: Identifies the execution of a “.CPL” file from the user’s temporary directory using the “Control_RunDLL” export function of the Shell32 DLL. This activity has been observed in several Raspberry Robin variants.