reGeorg
Essential information
- Confidence: 100/100
- Is family: Yes
- Published: 06/01/2025 19:21
- Modified: 27/03/2026 01:03
- Revoked: No
- Author / Source: The MITRE Corporation
- Related entities: 37 attack patterns (mitre), 4 intrusion sets (apt), 13 indicators, 1 reports
Description
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (37)
- T1583 uses Acquire Infrastructure · MITRE
- T1566 uses Phishing · MITRE
- T1090 uses Proxy · MITRE
- T1572 uses Protocol Tunneling · MITRE
- T1021.004 uses SSH · MITRE
- T1059 uses Command and Scripting Interpreter · MITRE
- T1584 uses Compromise Infrastructure · MITRE
- T1505 uses Server Software Component · MITRE
- T1204 uses User Execution · MITRE
- T1071 uses Application Layer Protocol · MITRE
- T1014 uses Rootkit · MITRE
- T1049 uses System Network Connections Discovery · MITRE
Intrusion sets (APT) (4)
- The MITRE Corporation · Confidence 100
  [APT29](https://attack.mitre.org/groups/G0016) is a threat group that has been attributed to Russia's Foreign Intelligence Service (SVR).(Citation: White House Imposing Costs RU Gov April 2021)(Citation: UK Gov Malign RIS Activity April…
  First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
  [APT28](https://attack.mitre.org/groups/G0007) is a threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165.(Citation: NSA/FBI Drovorub…
  First seen 01/01/1970 · Last seen 16/11/5138
- Cranefly uses · AlienVault · Confidence 100
  First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
  [Saint Bear](https://attack.mitre.org/groups/G1031) is a Russian-nexus threat actor active since early 2021, primarily targeting entities in Ukraine and Georgia. The group is notable for a specific remote access tool,…
  First seen 01/01/1970 · Last seen 16/11/5138
Indicators (13)
- stix 100/100 Revoked · Valid until 10/03/2024 · Source: AlienVault
- d7019b32cdd62a67c3ca6f89b0d192c2a58008e9 indicates · yara 100/100 Revoked · Valid until 06/08/2023 · Source: AlienVault
- stix 100/100 Revoked · Valid until 10/03/2024 · Source: AlienVault
- stix 100/100 Revoked · Valid until 10/03/2024 · Source: AlienVault
- stix 100/100 Revoked · Valid until 10/03/2024 · Source: AlienVault
- 75a9ffebf5897fd52d2fdab44a7450bd3f6e68a9 indicates · yara 100/100 Revoked · Valid until 06/08/2023 · Source: AlienVault
- stix 100/100 Revoked · Valid until 10/03/2024 · Source: AlienVault
- stix 100/100 Revoked · Valid until 10/03/2024 · Source: AlienVault
- stix 100/100 Revoked · Valid until 10/03/2024 · Source: AlienVault
- stix 100/100 Revoked · Valid until 10/03/2024 · Source: AlienVault
- stix 100/100 Revoked · webshell_asp_runtime_compile · Valid until 10/03/2024 · Source: AlienVault
- stix 100/100 Revoked · Valid until 06/08/2023 · Source: AlienVault
Reports (1)
- Confidence 100 · 18 CVEs · 200 MITREs · 200 Malwares · 20 APTs · 26 Tools