EXPLORE

← Back to Explore

T1012

Query Registry

Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software. The Registry contains a significant amount of information about the operating system, configuration, software, and security.(Citation: Wikipedia Windows Registry) Information can easily be queried using the [Reg](https://attack.mitre.org/software/S0075) utility, though other means to access the Registry exist. Some of the information may help adversaries to further t...

Windows

22

Detections

3

Sources

19

Threat Actors

BY SOURCE

12splunk_escu9sigma1elastic

PROCEDURES (17)

Azure2 detections

Auto-extracted: 2 detections for azure

Registry2 detections

Auto-extracted: 2 detections for registry

Process Access2 detections

Auto-extracted: 2 detections for process access

Bypass2 detections

Auto-extracted: 2 detections for bypass

Registry2 detections

Auto-extracted: 2 detections for registry

Suspicious1 detections

Auto-extracted: 1 detections for suspicious

Credential1 detections

Auto-extracted: 1 detections for credential

Privilege1 detections

Auto-extracted: 1 detections for privilege

Network Connection Monitoring1 detections

Auto-extracted: 1 detections for network connection monitoring

Event Log1 detections

Auto-extracted: 1 detections for event log

Privilege1 detections

Auto-extracted: 1 detections for privilege

Wmi1 detections

Auto-extracted: 1 detections for wmi

Privilege1 detections

Auto-extracted: 1 detections for privilege

Event Log1 detections

Auto-extracted: 1 detections for event log

Event Log1 detections

Auto-extracted: 1 detections for event log

Anomal1 detections

Auto-extracted: 1 detections for anomal

Service1 detections

Auto-extracted: 1 detections for service

THREAT ACTORS (19)

APT32 APT39 APT41 BlackByte Chimera Daggerfly Dragonfly Fox Kitten Gamaredon Group Indrik Spider Kimsuky Lazarus Group Lotus Blossom OilRig Stealth Falcon Threat Group-3390 Turla Volt Typhoon ZIRCONIUM

DETECTIONS (22)

Azure AD Health Monitoring Agent Registry Keys Access

Azure AD Health Service Agents Registry Keys Access

Enumeration Command Spawned via WMIPrvSE

Exports Critical Registry Keys To a File

Exports Registry Key To a File

HackTool - PCHunter Execution

Potential Configuration And Service Reconnaissance Via Reg.EXE

Registry Manipulation via WMI Stdregprov

SAM Registry Hive Handle Request

SysKey Registry Keys Access

Windows Credential Access From Browser Password Store

Windows Credentials from Password Stores Chrome Extension Access

Windows Credentials from Password Stores Chrome LocalState Access

Windows Credentials from Password Stores Chrome Login Data Access

Windows Hosts File Access

Windows Non Discord App Access Discord LevelDB

Windows Post Exploitation Risk Behavior

Windows Product Key Registry Query

Windows Query Registry Browser List Application

Windows Query Registry UnInstall Program List

Windows Registry Entries Exported Via Reg

Windows Registry Entries Restored Via Reg