Reg
Reg is a Windows utility used to interact with the Windows Registry. It can be used at the command-line interface to query, add, modify, and remove information. [1]
Utilities such as Reg are known to be used by persistent threats. [2]
ID: S0075
Associated Software: reg.exe
Type: TOOL
Platforms: Windows
Version: 1.0
Created: 31 May 2017
Last Modified: 17 October 2018
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1112 | Modify Registry | Reg may be used to interact with and modify the Windows Registry of a local or remote system at the command-line interface.[1] |
Enterprise | T1012 | Query Registry | Reg may be used to gather details from the Windows Registry of a local or remote system at the command-line interface.[1] |
Enterprise | T1552.002 | Unsecured Credentials: Credentials in Registry | Reg may be used to find credentials in the Windows Registry.[3] |
Groups That Use This Software
ID | Name | References |
---|---|---|
G0072 | Honeybee | |
G0010 | Turla | |
G0049 | OilRig | |
G0075 | Rancor | |
G0074 | Dragonfly 2.0 | |
G0093 | Soft Cell | |
References
1. Microsoft. (2012, April 17). Reg. Retrieved May 1, 2015.
2. Tomonaga, S. (2016, January 26). Windows Commands Abused by Attackers. Retrieved February 2, 2016.
3. netbiosX. (2017, April 19). Stored Credentials. Retrieved April 6, 2018.
4. Sherstobitoff, R. (2018, March 02). McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups. Retrieved May 16, 2018.
5. Kaspersky Lab's Global Research and Analysis Team. (2014, August 7). The Epic Turla Operation: Solving some of the mysteries of Snake/Uroburos. Retrieved December 11, 2014.
6. Falcone, R. and Lee, B. (2016, May 26). The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor. Retrieved May 3, 2017.
7. Sardiwal, M., et al. (2017, December 7). New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit. Retrieved December 20, 2017.
8. Ash, B., et al. (2018, June 26). RANCOR: Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families. Retrieved July 2, 2018.
9. US-CERT. (2018, March 16). Alert (TA18-074A): Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors. Retrieved June 6, 2018.
10. Cybereason Nocturnus. (2019, June 25). Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers. Retrieved July 18, 2019.