Regin - S0019 (4c59cce8-cb48-4141-b9f1-f646edfaadb0)

Regin is a malware platform that has targeted victims in a range of industries, including telecom, government, and financial institutions. Some Regin timestamps date back to 2003. (Citation: Kaspersky Regin)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Regin - S0019 (4c59cce8-cb48-4141-b9f1-f646edfaadb0) | Malware | Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52) | Attack Pattern | 1 |
| Regin - S0019 (4c59cce8-cb48-4141-b9f1-f646edfaadb0) | Malware | File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) | Attack Pattern | 1 |
| Regin - S0019 (4c59cce8-cb48-4141-b9f1-f646edfaadb0) | Malware | SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) | Attack Pattern | 1 |
| Regin - S0019 (4c59cce8-cb48-4141-b9f1-f646edfaadb0) | Malware | NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) | Attack Pattern | 1 |
| Regin - S0019 (4c59cce8-cb48-4141-b9f1-f646edfaadb0) | Malware | Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) | Attack Pattern | 1 |
| Regin - S0019 (4c59cce8-cb48-4141-b9f1-f646edfaadb0) | Malware | Regin (0cf21558-1217-4d36-9536-2919cfd44825) | Tool | 1 |
| Regin - S0019 (4c59cce8-cb48-4141-b9f1-f646edfaadb0) | Malware | Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) | Attack Pattern | 1 |
| Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) | Attack Pattern | Regin - S0019 (4c59cce8-cb48-4141-b9f1-f646edfaadb0) | Malware | 1 |
| Regin - S0019 (4c59cce8-cb48-4141-b9f1-f646edfaadb0) | Malware | Regin (4cbe9373-6b5e-42d0-9750-e0b7fc0d58bb) | Malpedia | 1 |
| Regin - S0019 (4c59cce8-cb48-4141-b9f1-f646edfaadb0) | Malware | Hidden File System - T1564.005 (dfebc3b7-d19d-450b-81c7-6dafe4184c04) | Attack Pattern | 1 |
| Regin - S0019 (4c59cce8-cb48-4141-b9f1-f646edfaadb0) | Malware | Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | 1 |
| Regin - S0019 (4c59cce8-cb48-4141-b9f1-f646edfaadb0) | Malware | External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) | Attack Pattern | 1 |
| Regin - S0019 (4c59cce8-cb48-4141-b9f1-f646edfaadb0) | Malware | Network Sniffing - T1040 (3257eb21-f9a7-4430-8de1-d8b6e288f529) | Attack Pattern | 1 |
| Invalid Code Signature - T1036.001 (b4b7458f-81f2-4d38-84be-1c5ba0167a52) | Attack Pattern | Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) | Attack Pattern | 2 |
| File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) | Attack Pattern | Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) | Attack Pattern | 2 |
| SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) | Attack Pattern | Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) | Attack Pattern | 2 |
| Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) | Attack Pattern | NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5) | Attack Pattern | 2 |
| Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) | Attack Pattern | Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) | Attack Pattern | 2 |
| Regin (4cbe9373-6b5e-42d0-9750-e0b7fc0d58bb) | Malpedia | Regin (0cf21558-1217-4d36-9536-2919cfd44825) | Tool | 2 |
| Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) | Attack Pattern | Hidden File System - T1564.005 (dfebc3b7-d19d-450b-81c7-6dafe4184c04) | Attack Pattern | 2 |
| Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) | Attack Pattern | 2 |
| Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) | Attack Pattern | External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) | Attack Pattern | 2 |