Overview
This presentation from Red Canary, the team that first identified Raspberry Robin, covers the discovery, evolution, and detection of the malware: a threat that spreads via external drives and abuses Windows Installer to download malicious files. It follows the threat chronologically from its 2021 discovery through 2022, when it became the seventh most detected threat in Red Canary's data, and incorporates Microsoft's findings on follow-on activity and its analysis of the malware's DLL. Segments cover Red Canary's clustering methodology, observations of Raspberry Robin activity in the field, the security community's response, and concrete detection opportunities defenders can apply in their own environments.
Syllabus
Introduction
Today's Bat-Agenda
Flashback: Intel team chat, early 20
Red Canary's clustering methodology
Making connections
Field guide to Raspberry Robin
Raspberry Robin activity
Good Intel Is Essential, Robin
Community response was amazing
Holy crowdsourcing, Batman!
July 2022: Microsoft reports follow-on activity
September 2022: Untangling the DLL
October 2022: Second Microsoft report
Detection opportunity
Holy takeaways, Batman!
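The overview and the "Detection opportunity" segment point at one behaviour a defender can hunt for directly: Windows Installer being used to fetch a file from a remote location. The following is an added example, not code from the presentation or from Red Canary, that applies that idea to a handful of constructed process-creation events. It assumes that Windows Installer shows up in endpoint telemetry as the process image msiexec.exe (a fact about Windows, not something the page states), and that a command line handing msiexec.exe an http(s) URL rather than a local .msi path is the signal worth surfacing; the field names (pid, image, cmdline, parent) and the sample events are invented for the example.

```python
import re

# Constructed sample process-creation events for the example; these are not
# real telemetry and the hosts, paths and URLs are placeholders.
SAMPLE_EVENTS = [
    {   # Benign: an installer launched from a local path by explorer.exe
        "pid": 101,
        "image": r"C:\Windows\System32\msiexec.exe",
        "cmdline": r'msiexec /q /i "C:\Users\alice\Downloads\tool-1.0.msi"',
        "parent": r"C:\Windows\explorer.exe",
    },
    {   # Suspicious: quiet install straight from a remote URL, spawned by cmd.exe
        "pid": 202,
        "image": r"C:\Windows\SysWOW64\msiexec.exe",
        "cmdline": r"MSIEXEC /Q /I hTtP://example.invalid:8080/update",
        "parent": r"C:\Windows\System32\cmd.exe",
    },
    {   # Not Windows Installer at all: a URL in some other process is out of scope here
        "pid": 303,
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "cmdline": r"powershell -c Invoke-WebRequest https://example.invalid/x",
        "parent": r"C:\Windows\explorer.exe",
    },
    {   # Suspicious but noisier: remote package without the quiet switch
        "pid": 404,
        "image": r"C:\Windows\System32\msiexec.exe",
        "cmdline": r"msiexec.exe /i https://example.invalid/pkg.msi /norestart",
        "parent": r"C:\Windows\explorer.exe",
    },
]

# Case-insensitive so that mixed-case schemes such as "hTtP://" are still caught.
URL_RE = re.compile(r"\bhttps?://[^\s\"']+", re.IGNORECASE)

# Windows Installer quiet switches: /q, /qn, /qb, /qr, /qf (also accepted with a dash).
QUIET_RE = re.compile(r"(?:^|\s)[/-]q(?:n|b|r|f)?\b", re.IGNORECASE)


def is_windows_installer(image: str) -> bool:
    """True when the process image is msiexec.exe, regardless of path or case."""
    basename = image.replace("/", "\\").lower().rsplit("\\", 1)[-1]
    return basename == "msiexec.exe"


def remote_install_urls(cmdline: str) -> list[str]:
    """Return every http(s) URL present on the command line."""
    return URL_RE.findall(cmdline)


def detect(events: list[dict]) -> list[dict]:
    """Flag Windows Installer launches whose command line points at a remote URL.

    Each hit records the URLs seen, whether a quiet switch was used (quiet,
    unattended installs from a URL are the more interesting case), and the
    parent process so an analyst can pivot on it.
    """
    hits = []
    for ev in events:
        if not is_windows_installer(ev["image"]):
            continue
        urls = remote_install_urls(ev["cmdline"])
        if not urls:
            continue  # local .msi path: normal software installation
        hits.append({
            "pid": ev["pid"],
            "urls": urls,
            "quiet": QUIET_RE.search(ev["cmdline"]) is not None,
            "parent": ev["parent"],
        })
    return hits


if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(hit)
```

Run over the constructed events, the function flags the two msiexec.exe launches that reference a URL and ignores both the local install and the PowerShell download, which would need its own rule. In a real environment the URL test is the cheap first pass; the quiet flag and the parent process are there to help rank and triage what it returns rather than to decide on their own.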
Taught by
Red Canary