RegDuke

Malware & Tools · RegDuke

· MalwareS0511 · Zararlı Yazılım

Type

malware

Techniques

Used By

1 groups

Platforms

Windows

Description

RegDuke is a first stage implant written in .NET and used by APT29 since at least 2017. RegDuke has been used to control a compromised machine when control of other implants on the machine was lost.(Citation: ESET Dukes October 2019)

Tactic Coverage

stealth (4)command and control (2)persistence (2)execution (1)defense impairment (1)privilege escalation (1)

Used By (1 groups)

G0016APT29IRON RITUAL, IRON HEMLOCK

Techniques (9)

T1027Obfuscated Files or Information

stealth

T1027.003Steganography

stealth

T1027.011Fileless Storage

stealth

T1059.001PowerShell

execution

T1102.002Bidirectional Communication

command and control

T1105Ingress Tool Transfer

command and control

T1112Modify Registry

References

https://attack.mitre.org/software/S0511 https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Operation_Ghost_Dukes.pdf