Skip to content

Hide Navigation Hide TOC

Regin - S0019 (4c59cce8-cb48-4141-b9f1-f646edfaadb0)

Regin is a malware platform that has targeted victims in a range of industries, including telecom, government, and financial institutions. Some Regin timestamps date back to 2003. (Citation: Kaspersky Regin)

Cluster A Galaxy A Cluster B Galaxy B Level
Regin - S0019 (4c59cce8-cb48-4141-b9f1-f646edfaadb0) Malware NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern 1
Regin - S0019 (4c59cce8-cb48-4141-b9f1-f646edfaadb0) Malware Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 1
Regin (4cbe9373-6b5e-42d0-9750-e0b7fc0d58bb) Malpedia Regin - S0019 (4c59cce8-cb48-4141-b9f1-f646edfaadb0) Malware 1
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Regin - S0019 (4c59cce8-cb48-4141-b9f1-f646edfaadb0) Malware 1
Regin - S0019 (4c59cce8-cb48-4141-b9f1-f646edfaadb0) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 1
Regin - S0019 (4c59cce8-cb48-4141-b9f1-f646edfaadb0) Malware Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern 1
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern Regin - S0019 (4c59cce8-cb48-4141-b9f1-f646edfaadb0) Malware 1
Hidden File System - T1564.005 (dfebc3b7-d19d-450b-81c7-6dafe4184c04) Attack Pattern Regin - S0019 (4c59cce8-cb48-4141-b9f1-f646edfaadb0) Malware 1
Regin - S0019 (4c59cce8-cb48-4141-b9f1-f646edfaadb0) Malware Regin (0cf21558-1217-4d36-9536-2919cfd44825) Tool 1
Regin - S0019 (4c59cce8-cb48-4141-b9f1-f646edfaadb0) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 1
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern Regin - S0019 (4c59cce8-cb48-4141-b9f1-f646edfaadb0) Malware 1
Regin - S0019 (4c59cce8-cb48-4141-b9f1-f646edfaadb0) Malware Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) Attack Pattern 1
Regin - S0019 (4c59cce8-cb48-4141-b9f1-f646edfaadb0) Malware Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52) Attack Pattern 1
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 2
Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern 2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern 2
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 2
Hidden File System - T1564.005 (dfebc3b7-d19d-450b-81c7-6dafe4184c04) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 2
Regin (4cbe9373-6b5e-42d0-9750-e0b7fc0d58bb) Malpedia Regin (0cf21558-1217-4d36-9536-2919cfd44825) Tool 2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern 2
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52) Attack Pattern 2