Neo Regeorg

Malware Profile Updated 3 months ago
Neo-REGEORG is a webshell, a class of malware consisting of malicious scripts that attackers plant on a compromised server to maintain access to and control over it. It was first observed in use by the Sandworm APT (Advanced Persistent Threat) group in June 2022, when the webshell was deployed on a server exposed to the public internet; this deployment marked the beginning of Sandworm's activity in the victim's environment. The precise initial attack vector remains unclear. Deploying Neo-REGEORG on an internet-facing server was consistent with the group's prior activity, which involved scanning and exploiting such servers for initial access. The webshell allowed the attackers to gain and keep access to the server, setting the stage for further malicious activity. Following the successful deployment of Neo-REGEORG, the same group later introduced GoGetter, a custom TCP tunneling tool used for command and control. This tool enabled the attackers to continue their operations undetected, demonstrating the sophistication and persistence of their approach. Further investigation into these incidents is ongoing, with the aim of understanding the full extent of the damage caused by this malware and developing effective countermeasures.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Webshell
Apt
Web Shell
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
Sandworm | Unspecified | 1
Sandworm, a threat actor linked to Russia, has been implicated in numerous high-profile cyber attacks. This group's activities have primarily targeted Ukraine, compromising the country's critical infrastructure and telecommunications providers. The Sandworm group is known for its fileless attack met
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Neo Regeorg malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | 8 months ago | Russian Sandworm Hackers Caused Power Outage in October 2022
CERT-EU | 8 months ago | Russian hackers switch to LOTL technique to cause power outage
Securityaffairs | 8 months ago | Russian Sandworm disrupts power in Ukraine with a new OT attack