Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Operation RogueRobin 2019

The campaign infects users with malicious macro-enabled Microsoft Excel documents to gain a foothold in the network. The C# payload used in the attacks runs a series of checks to detect whether the code is being analyzed in a sandbox, including checking for virtualized environments, querying system information, determining the total number of CPU cores, and checking for process names containing the words "Wireshark" or "Sysinternals". The malware is capable of communicating with its C2 servers using DNS tunneling, with the Google Drive API as an alternative channel.
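From the detection side, an added example (not code from the dashboard entry or from the campaign itself): a per-domain heuristic over constructed resolver log lines that flags the query volume and the long, never-repeating subdomains that DNS tunneling C2 produces. The log format, the "last two labels are the registered domain" split (no public-suffix list) and the thresholds are assumptions made for the example.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log (not from the page): "<time> <client> <qname> <qtype>".
# Three ordinary lookups, then five TXT queries carrying long unique hex chunks.
SAMPLE_LOG = """\
2019-01-23T10:00:01Z 10.0.0.5 www.example.com A
2019-01-23T10:00:02Z 10.0.0.5 mail.example.com A
2019-01-23T10:00:03Z 10.0.0.6 www.example.com A
2019-01-23T10:00:06Z 10.0.0.9 3a1f9c0e4d7b2a6c5e8f1d3b9a7c2e4f.c2.example.net TXT
2019-01-23T10:00:07Z 10.0.0.9 7d2e5b8a1c4f6e9d0b3a5c7e9f1d2b4a.c2.example.net TXT
2019-01-23T10:00:08Z 10.0.0.9 9c4b2e7a5d1f8e3c6a0d4b7e2f5c9a1b.c2.example.net TXT
2019-01-23T10:00:09Z 10.0.0.9 2f8d6a4c1e9b3d7f5a0c2e6b8d1f4a7c.c2.example.net TXT
2019-01-23T10:00:10Z 10.0.0.9 5e1c9a3f7b2d8e4a6c0f3b9d1e7a2c5f.c2.example.net TXT
"""

def shannon_entropy(s):
    """Bits per character of s; 0.0 for an empty string."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def parse_log(text):
    """Return (client, qname, qtype) tuples from the whitespace-separated format above."""
    rows = [line.split() for line in text.splitlines()]
    return [(r[1], r[2].lower().rstrip("."), r[3].upper()) for r in rows if len(r) == 4]

def split_name(qname):
    """Crude split: last two labels are the registered domain (assumption, no public-suffix list)."""
    labels = qname.split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])

def score_domains(records, min_queries=5, min_sub_len=20, min_unique_ratio=0.8):
    """Aggregate subdomains per registered domain and flag tunneling-like patterns."""
    subs = defaultdict(list)
    for _client, qname, _qtype in records:
        domain, sub = split_name(qname)
        subs[domain].append(sub)
    report = {}
    for domain, names in subs.items():
        q = len(names)
        stats = {"queries": q,
                 "unique_ratio": len(set(names)) / q,          # tunnels rarely repeat a name
                 "avg_sub_len": sum(len(s) for s in names) / q,  # encoded data makes long labels
                 "avg_entropy": sum(shannon_entropy(s.replace(".", "")) for s in names) / q}
        stats["flagged"] = (q >= min_queries and stats["unique_ratio"] >= min_unique_ratio
                            and stats["avg_sub_len"] >= min_sub_len)
        report[domain] = stats
    return report
```

Thresholds are starting points to tune against a baseline of the environment's own DNS traffic; legitimate CDNs and some security products also use long or high-entropy labels.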
Name                       Modified Date   Sources
Operation RogueRobin 2019  2019-01-23