Query Registry (T1012)
Carbanak+FIN7

| Step | ATT&CK Pattern |
| --- | --- |
| 3.B.4 | Tactic Discovery (TA0007) |

APT29

| Step | ATT&CK Pattern |
| --- | --- |
| 12.C.1 | Tactic Discovery (TA0007) |
| 12.C.2 | Tactic Discovery (TA0007) |

APT3

| Step | ATT&CK Pattern |
| --- | --- |
| 2.H.1 | Tactic Discovery (TA0007) |
| 6.A.1 | Tactic Discovery (TA0007) |
| 12.E.1.7 | Tactic Discovery (TA0007) |
| 13.C.1 | Tactic Discovery (TA0007) |
| 17.A.1.2 | Tactic Discovery (TA0007) |

Procedure
Cobalt Strike: 'reg query' via cmd to enumerate a specific Registry key
Footnotes
- Managed Defense Reports are reports provided by FireEye's managed detection and response (MDR) service. FireEye provided reports to MITRE after the completion of the evaluation to mimic what they would produce in a real incident.




Procedure
Cobalt Strike: 'reg query' via cmd to remotely enumerate a specific Registry key on Conficker (10.0.0.5)


Procedure
Empire: 'reg query' via PowerShell to enumerate a specific Registry key

