Regin malware

GPTKB entity

Statements (52)
Predicate  Object
gptkbp:instanceOf  malware
gptkbp:abilities  stealth
gptkbp:abilities  remote access
gptkbp:abilities  data exfiltration
gptkbp:abilities  modular architecture
gptkbp:abilities  screenshot capture
gptkbp:abilities  command and control communication
gptkbp:abilities  file theft
gptkbp:abilities  network sniffing
gptkbp:abilities  password stealing
gptkbp:abilities  custom payloads
gptkbp:abilities  keystroke logging
gptkbp:alias  gptkb:Regin
gptkbp:alias  gptkb:QWERTY
gptkbp:alias  WarriorPride
gptkbp:alias  Prax
gptkbp:category  advanced persistent threat
gptkbp:category  state-sponsored malware
gptkbp:category  cyber weapon
gptkbp:connectsTo  gptkb:Five_Eyes
gptkbp:connectsTo  gptkb:NSA
gptkbp:connectsTo  gptkb:United_Kingdom
gptkbp:connectsTo  gptkb:United_States
gptkbp:connectsTo  gptkb:GCHQ
gptkbp:detectionDifficulty  very difficult
gptkbp:discoveredBy  gptkb:Symantec
gptkbp:discoveredBy  2014
gptkbp:diseaseVector  spear phishing
gptkbp:diseaseVector  watering hole attacks
gptkbp:diseaseVector  exploiting zero-day vulnerabilities
https://www.w3.org/2000/01/rdf-schema#label  Regin malware
gptkbp:notableEvent  gptkb:European_Union_institutions
gptkbp:notableEvent  gptkb:Belgacom_hack
gptkbp:notableEvent  Iranian targets
gptkbp:notableEvent  Middle East targets
gptkbp:notableEvent  Russian research organizations
gptkbp:notableEvent  Saudi Arabian telecoms
gptkbp:persistenceMechanism  multiple stages
gptkbp:persistenceMechanism  encrypted payloads
gptkbp:persistenceMechanism  hidden in system files
gptkbp:platform  gptkb:Microsoft_Windows
gptkbp:removalDifficulty  high
gptkbp:target  private individuals
gptkbp:target  research institutions
gptkbp:target  government organizations
gptkbp:target  telecommunications companies
gptkbp:type  modular malware
gptkbp:usedFor  cybercrime
gptkbp:usedFor  data collection
gptkbp:usedFor  surveillance
gptkbp:bfsParent  gptkb:Equation_Group
gptkbp:bfsLayer  7