Home >
Enterprise >
Participants >
Cybereason >
Modify Registry (T1112)
|
|
Carbanak+FIN7 |
||||||
Step | ATT&CK Pattern |
|
||||
3.A.2
|
Tactic Defense Evasion (TA0005) |
|
||||
4.B.4
|
Tactic Defense Evasion (TA0005) |
|
||||
10.A.5
|
Tactic Defense Evasion (TA0005) |
|
||||
10.A.6
|
Tactic Defense Evasion (TA0005) |
|
APT29 |
||||
Step | ATT&CK Pattern |
|
||
3.C.1
|
Tactic Defense Evasion (TA0005) |
|
||
14.A.3
|
Tactic Defense Evasion (TA0005) |
|
Procedure
Modified the Registry to remove artifacts of COM hijacking
Criteria
Deletion of of the HKCU\Software\Classes\Folder\shell\Open\command subkey
APT3 |
||
The technique was not in scope. |