Malware: reGeorg

Description

[reGeorg](https://attack.mitre.org/software/S1187) is an open-source web shell written in Python that can be used as a proxy to bypass firewall rules and tunnel data in and out of targeted networks.(Citation: Fortinet reGeorg MAR 2019)(Citation: GitHub reGeorg 2016)

External References

• mitre-attack
• Fortinet reGeorg MAR 2019
• GitHub reGeorg 2016

Techniques Used by This Malware

• T1021.001 — Remote Desktop Protocol
• T1021.002 — SMB/Windows Admin Shares
• T1021.004 — SSH
• T1059.006 — Python
• T1071.001 — Web Protocols
• T1090 — Proxy
• T1095 — Non-Application Layer Protocol
• T1105 — Ingress Tool Transfer
• T1505.003 — Web Shell
• T1572 — Protocol Tunneling

APT Groups Using This Malware

• Ember Bear
• APT28
• APT29