Bitdefender: Modify Registry (T1112)

Carbanak+FIN7

| Step | ATT&CK Pattern |
|---|---|
| 3.A.2 | Tactic Defense Evasion (TA0005) |
| 4.B.4 | Tactic Defense Evasion (TA0005) |
| 10.A.5 | Tactic Defense Evasion (TA0005) |
| 10.A.6 | Tactic Defense Evasion (TA0005) |

APT29

| Step | ATT&CK Pattern |
|---|---|
| 3.C.1 | Tactic Defense Evasion (TA0005) |
| 14.A.3 | Tactic Defense Evasion (TA0005) |

Procedure
Modified the Registry to remove artifacts of COM hijacking
Criteria
Deletion of the HKCU\Software\Classes\Folder\shell\Open\command subkey
Footnotes
- The logic for this detection was enabled after the start of the evaluation so the detection is identified as a Detection Configuration Change.

