RegDuke (52dc08d8-82cc-46dc-91ae-383193d72963)
RegDuke is a first-stage implant written in .NET and used by APT29 since at least 2017. RegDuke has been used to control a compromised machine when control of other implants on the machine was lost. [ESET Dukes October 2019]
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
APT29 (4c3e48b9-4426-4271-a7af-c3dfad79f447) | Tidal Groups | RegDuke (52dc08d8-82cc-46dc-91ae-383193d72963) | Tidal Software | 1 |