# Raspberry Robin - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Raspberry Robin](https://vuldb.com/?actor.raspberry_robin). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.raspberry_robin](https://vuldb.com/?actor.raspberry_robin)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Raspberry Robin.
There are 81 more IOC items available. Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://1275.ru/ioc/191/raspberry-robin-worm-iocs/
* https://1275.ru/ioc/365/raspberry-robin-worm-iocs-part-2/
* https://threatfox.abuse.ch
* https://twitter.com/DTCERT/status/1565664874633564162
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!