Home >
Enterprise >
Participants >
McAfee >
Modify Registry (T1112)
|
|
Carbanak+FIN7 |
||||||||
Step | ATT&CK Pattern |
|
||||||
3.A.2
|
Tactic Defense Evasion (TA0005) |
|
||||||
4.B.4
|
Tactic Defense Evasion (TA0005) |
|
||||||
10.A.5
|
Tactic Defense Evasion (TA0005) |
|
||||||
10.A.6
|
Tactic Defense Evasion (TA0005) |
|
APT29 |
||||
Step | ATT&CK Pattern |
|
||
3.C.1
|
Tactic Defense Evasion (TA0005) |
|
||
14.A.3
|
Tactic Defense Evasion (TA0005) |
|
Procedure
Modified the Registry to remove artifacts of COM hijacking
Criteria
Deletion of of the HKCU\Software\Classes\Folder\shell\Open\command subkey
APT3 |
||
The technique was not in scope. |