Intel Name: Raspberry Robin infection chain uses WebDAV server
Date of Scan: November 15, 2024
Impact: High
Summary: We identified a unique infection chain pattern distributing Raspberry Robin, traceable back to late October 2024. We suspect the initial zip downloads are distributed via embedded third-party ads on various sites attempting to monetize traffic. These zip archives and the extracted HTA files all share the same root name.