Neo-reGeorg is an open-source web shell designed as a restructuring of reGeorg with improved usability, security, and fixes for existing reGeorg bugs.[1]
| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1071.001 | Application Layer Protocol: Web Protocols | Neo-reGeorg can use customized HTTP headers.[1] |
| Enterprise | T1059.006 | Command and Scripting Interpreter: Python | Neo-reGeorg is a Python-based web shell.[1] |
| Enterprise | T1132.002 | Data Encoding: Non-Standard Encoding | Neo-reGeorg can use modified Base64 encoding to obfuscate communications.[1] |
| Enterprise | T1105 | Ingress Tool Transfer | Neo-reGeorg has the ability to download files to targeted systems.[1] |
| Enterprise | T1095 | Non-Application Layer Protocol | Neo-reGeorg can create multiple TCP connections for a single session.[1] |
| Enterprise | T1572 | Protocol Tunneling | Neo-reGeorg can tunnel data in and out of targeted networks.[1] |
| Enterprise | T1090 | Proxy | Neo-reGeorg has the ability to establish a SOCKS5 proxy on a compromised web server.[1] |
| Enterprise | T1505.003 | Server Software Component: Web Shell | Neo-reGeorg can be installed on compromised web servers to tunnel C2 connections.[1][2] |
| ID | Name | References |
|---|---|---|
| G0034 | Sandworm Team | |