reGeorg
Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1071.001 | Application Layer Protocol: Web Protocols | reGeorg can use HTTP to tunnel connections in and out of targeted networks. (Citation: Fortinet reGeorg MAR 2019) |
| Enterprise | T1059.006 | Command and Scripting Interpreter: Python | reGeorg is a Python-based web shell. (Citation: GitHub reGeorg 2016) |
| Enterprise | T1021.001 | Remote Services: Remote Desktop Protocol | reGeorg can be used to tunnel RDP connections. (Citation: Fortinet reGeorg MAR 2019) |
| Enterprise | T1021.002 | Remote Services: SMB/Windows Admin Shares | reGeorg has the ability to tunnel SMB sessions. (Citation: Fortinet reGeorg MAR 2019) |
| Enterprise | T1021.004 | Remote Services: SSH | reGeorg can communicate using SSH through an HTTP tunnel. (Citation: Fortinet reGeorg MAR 2019) |
| Enterprise | T1505.003 | Server Software Component: Web Shell | reGeorg is a web shell that has been installed on exposed web servers for access to victim environments. (Citation: Mandiant APT29 Eye Spy Email Nov 22)(Citation: Cadet Blizzard emerges as novel threat actor) |
Groups That Use This Software

| ID | Name | References |
|---|---|---|
| G0016 | APT29 | (Citation: Mandiant APT29 Eye Spy Email Nov 22) |
| G1003 | Ember Bear | (Citation: Cadet Blizzard emerges as novel threat actor) |
| G0007 | APT28 | (Citation: Security Affairs ANSSI APT28 OCT 2023) |
References
- FortiGuard Labs. (2019, March 12). ReGeorg.HTTP.Tunnel. Retrieved December 3, 2024.
- xl7dev. (2016). reGeorg-master. Retrieved December 3, 2024.
- Mandiant. (2022, May 2). UNC3524: Eye Spy on Your Email. Retrieved August 17, 2023.
- Microsoft Threat Intelligence. (2023, June 14). Cadet Blizzard emerges as a novel and distinct Russian threat actor. Retrieved July 10, 2023.
- L-Codes. (2019). Neo-reGeorg. Retrieved December 4, 2024.
- Paganini, P. (2023, October 27). France agency ANSSI warns of Russia-linked APT28 attacks on French entities. Retrieved December 3, 2024.