reGeorg

MITRE

Malware Type:
Other

First seen:
Unknown

Last seen:
Unknown

Details:

[reGeorg](https://attack.mitre.org/software/S1187) is an open-source web shell written in Python that can be used as a proxy to bypass firewall rules and tunnel data in and out of targeted networks.(Citation: Fortinet reGeorg MAR 2019)(Citation: GitHub reGeorg 2016)

Associated Techniques (10)

ID	ATT&CK	Tactics
T1021.001	Remote Desktop Protocol	-
T1021.002	SMB/Windows Admin Shares	-
T1021.004	SSH	-
T1059.006	Python	-
T1071.001	Web Protocols	-
T1090	Proxy	-
T1095	Non-Application Layer Protocol	-
T1105	Ingress Tool Transfer	-
T1505.003	Web Shell	-
T1572	Protocol Tunneling	-

Used by Actors (3)

APT28
Nation-state

APT29
Nation-state

Ember Bear
Unknown

Metadata

ID:	52
Created:	13/01/2026 17:48
Updated:	06/03/2026 16:00