Tracking Updates to Raspberry Robin

    Date: 08/05/2025

    Severity: High

    Summary

    Raspberry Robin, or Roshtyak, is a malicious downloader active since 2021, primarily spreading via infected USB drives. It continues to evolve with enhanced evasion techniques and improved functionality despite limited public reporting. Our previous analysis covers its core behavior, while this blog highlights recent updates and capabilities. These include stronger obfuscation, a switch to ChaCha20 encryption, a new privilege escalation exploit (CVE-2024-38196), and use of invalid TOR domains to hinder IOC extraction.
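The summary notes the use of invalid TOR domains to hinder IOC extraction. As an added example (not part of the original advisory), the Python below checks whether an extracted `.onion` string is a structurally valid v3 address, using the address encoding from the Tor v3 onion service specification. The key bytes, sample hostnames and function names are constructed for illustration.

```python
import base64
import hashlib

V3_LABEL_LEN = 56  # base32 characters in front of ".onion"
V3_VERSION = 0x03


def _checksum(pubkey: bytes, version: int) -> bytes:
    # CHECKSUM = SHA3-256(".onion checksum" | PUBKEY | VERSION)[:2]
    data = b".onion checksum" + pubkey + bytes([version])
    return hashlib.sha3_256(data).digest()[:2]


def encode_onion_v3(pubkey: bytes) -> str:
    """Encode a 32-byte public key as a v3 address (used to build test input)."""
    if len(pubkey) != 32:
        raise ValueError("v3 public key must be 32 bytes")
    raw = pubkey + _checksum(pubkey, V3_VERSION) + bytes([V3_VERSION])
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def check_onion_v3(host: str) -> str:
    """Return 'ok', or the reason the hostname is not a well-formed v3 address.

    Encoding check only: it does not prove the key is a valid ed25519
    point or that the service exists.
    """
    host = host.strip().lower().rstrip(".")
    if not host.endswith(".onion"):
        return "not-onion"
    label = host[: -len(".onion")].rsplit(".", 1)[-1]  # drop any subdomain
    if len(label) != V3_LABEL_LEN:
        return "bad-length"
    try:
        raw = base64.b32decode(label.upper())
    except ValueError:  # binascii.Error is a ValueError subclass
        return "bad-base32"
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34]
    if version != V3_VERSION:
        return "bad-version"
    if checksum != _checksum(pubkey, version):
        return "bad-checksum"
    return "ok"


def triage(hosts):
    """Group extracted hostnames by check result."""
    result = {}
    for h in hosts:
        result.setdefault(check_onion_v3(h), []).append(h)
    return result


# Constructed sample: one valid address from a made-up key, plus damaged copies.
GOOD = encode_onion_v3(bytes(range(32)))
SAMPLE = [
    GOOD,
    GOOD[:52] + ("a" if GOOD[52] != "a" else "b") + GOOD[53:],  # checksum char altered
    GOOD[:55] + "a" + GOOD[56:],                                  # version char altered
    GOOD[1:],                                                     # one character missing
    "1" + GOOD[1:],                                               # '1' is not base32
]
```

Hostnames that fail this check are worth keeping separately from confirmed indicators rather than discarding, since a malformed string in a sample may still be related to a real address.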

    Indicators of Compromise (IOC) List

    Domains\URLs : 

    Hash : 

    5b0476043da365be5325260f1f0811ea81c018a8acc9cee4cd46cb7348c06fc6

    05c6f53118d363ee80989ef37cad85ee1c35b0e22d5dcebd8a6d6a396a94cb65

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Hash  :

    sha256hash IN ("5b0476043da365be5325260f1f0811ea81c018a8acc9cee4cd46cb7348c06fc6","05c6f53118d363ee80989ef37cad85ee1c35b0e22d5dcebd8a6d6a396a94cb65")

    Reference:

    https://www.zscaler.com/blogs/security-research/tracking-updates-raspberry-robin#introduction


    Tags

    Threat Actor, Vulnerability, RASPBERRY ROBIN, Roshtyak, CVE-2024, Exploit
