Potential Raspberry Robin CPL Execution Activity

Intel Name: Potential Raspberry Robin CPL Execution Activity

Date of Scan: December 30, 2024

Impact: High

Summary:
Identifies the execution of a “.CPL” file from the user’s temporary directory using the “Control_RunDLL” export function of the Shell32 DLL. This activity has been observed in several Raspberry Robin variants.
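
The check described in the summary, sketched as an added example (not the detection rule's own logic): it flags process-creation events whose command line calls the Control_RunDLL export of Shell32 on a .CPL file under the user's temporary directory. The event field names, host names and sample command lines are constructed assumptions.

```python
import re

# Shell32's Control_RunDLL export, e.g. "shell32.dll,Control_RunDLL" or "SHELL32,Control_RunDLL".
SHELL32_EXPORT = re.compile(r'shell32(?:\.dll)?\s*,\s*control_rundll\b', re.IGNORECASE)

# A .cpl file located under the per-user temp directory (expanded path or
# unexpanded %TEMP% / %TMP%). The lookahead requires ".cpl" to end the argument.
TEMP_CPL = re.compile(
    r'(?:\\appdata\\local\\temp|%te?mp%)\\[^"]*?\.cpl(?=[\s,"]|$)',
    re.IGNORECASE,
)

def is_temp_cpl_via_shell32(event):
    """True when the command line combines both conditions from the summary."""
    cmd = event.get("command_line", "")
    return bool(SHELL32_EXPORT.search(cmd) and TEMP_CPL.search(cmd))

def detect(events):
    """Return the events that match, preserving input order."""
    return [e for e in events if is_temp_cpl_via_shell32(e)]

# Constructed sample events; the field names are assumed, modelled on parsed
# process-creation telemetry. They are not taken from a real incident.
SAMPLE_EVENTS = [
    {"host": "ws-01", "image": r'C:\Windows\System32\rundll32.exe',
     "command_line": r'rundll32.exe shell32.dll,Control_RunDLL C:\Users\alice\AppData\Local\Temp\example.cpl'},
    {"host": "ws-02", "image": r'C:\Windows\System32\rundll32.exe',
     "command_line": r'"C:\Windows\System32\rundll32.exe" SHELL32,Control_RunDLL "C:\Users\bob\AppData\Local\Temp\sub dir\x.CPL"'},
    # Built-in Control Panel item outside the temp directory: not flagged.
    {"host": "ws-03", "image": r'C:\Windows\System32\rundll32.exe',
     "command_line": r'rundll32.exe shell32.dll,Control_RunDLL C:\Windows\System32\timedate.cpl'},
    # File in the temp directory, but not a .cpl run through Control_RunDLL: not flagged.
    {"host": "ws-04", "image": r'C:\Windows\System32\rundll32.exe',
     "command_line": r'rundll32.exe C:\Users\alice\AppData\Local\Temp\setup.dll,Install'},
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(hit["host"], hit["command_line"])
```

Matching on the command line alone, rather than on the image name, keeps the check independent of which binary hosts the call.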
