#T1012 Query Registry

Technique

  • Tactics: Discovery
  • Description:

    Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.

    The Registry contains a significant amount of information about the operating system, configuration, software, and security.(Citation: Wikipedia Windows Registry) Information can easily be queried using the Reg utility, though other means to access the Registry exist. Some of the information may help adversaries to further their operation within a network. Adversaries may use the information from Query Registry during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.

  • First Seen: Lazarus Group • 2017-05-31
MITRE ATT&CK

Tagged Reports

2025-08-13
Cyfirma
#Lazarus #T1090.001 #T1134.002 #T1562.001 #T1543.003 #T1059.003 #T1553.002 #T1614.001 #T1074.001 #T1485 #T1591 #T1218.011 #T1620 #T1078 #T1587.001 #T1027.007 #T1010 #T1571 #T1090.002 #T1218.010 #T1542.003 #T1583.001 #T1033 #T1497.001 #T1560.002 #T1203 #T1036 #T1012 #T1016 #T1059.005 #T1106 #T1027 #T1566.003 #T1027.002 #T1562.004 #T1529 #T1049 #T1140 #T1585.001 #T1005 #T1053.005 #T1564.001 #T1608.001 #T1105 #T1046 #T1491.001 #T1055.001 #T1070 #T1589.002 #T1036.005 #T1110 #T1547.009 #T1489 #T1110.003 #T1534 #T1047 #T1573 #T1588.004 #T1104 #T1036.003 #T1591.004 #T1001.003 #T1057 #T1082 #T1561.002 #T1566.001 #T1574.013 #T1561.001 #T1608.002 #T1585.002 #T1218 #T1588.002 #T1036.004 #T1204.001 #T1041 #T1560 #T1202 #T1071.001 #T1218.005 #T1059.001 #T1593.001 #T1189 #T1124 #T1056.001 #T1070.006 #T1008 #T1102.002 #T1048.003 #T1583.006 #T1221 #T1557.001 #T1098 #T1547.001 #T1567.002 #T1584.004 #T1087.002 #T1070.004 #T1560.003 #T1070.003 #T1583.004 #T1132.001 #T1588.003 #T1021.002 #T1204.002 #T1220 #T1574.002 #T1083 #T1566.002 #T1021.001 #T1021.004 #T1584.001
2025-08-06
Any Run
#ClickFix #FamousChollima #PylangGhost #T1012 #T1059 #T1083 #T1036
2025-02-12
Cyfirma
#APT43 #T1055.012 #T1562.001 #T1190 #T1587 #T1543.003 #T1059.003 #T1074.001 #T1553.002 #T1591 #T1218.011 #T1587.001 #T1588.005 #T1598.003 #T1594 #T1218.010 #T1557 #T1007 #T1583.001 #T1555.003 #T1036 #T1012 #T1016 #T1059.005 #T1027 #T1071.002 #T1027.002 #T1562.004 #T1111 #T1003.001 #T1140 #T1585.001 #T1005 #T1114.003 #T1053.005 #T1608.001 #T1105 #T1114.002 #T1589.002 #T1036.005 #T1534 #T1078.003 #T1552.001 #T1560.001 #T1136.001 #T1057 #T1082 #T1550.002 #T1518.001 #T1176 #T1566.001 #T1071.003 #T1585.002 #T1588.002 #T1036.004 #T1204.001 #T1586.002 #T1041 #T1219 #T1589.003 #T1071.001 #T1564.002 #T1112 #T1218.005 #T1059.001 #T1593.001 #T1040 #T1546.001 #T1056.001 #T1070.006 #T1102.002 #T1583.006 #T1564.003 #T1098 #T1593.002 #T1547.001 #T1567.002 #T1059.007 #T1070.004 #T1560.003 #T1505.003 #T1583.004 #T1204.002 #T1055 #T1059.006 #T1083 #T1133 #T1566.002 #T1021.001 #T1584.001
2024-09-12
Cyfirma
#Kimsuky #T1055.012 #T1562.001 #T1190 #T1587 #T1543.003 #T1059.003 #T1074.001 #T1553.002 #T1591 #T1218.011 #T1587.001 #T1588.005 #T1598.003 #T1594 #T1218.010 #T1557 #T1007 #T1583.001 #T1555.003 #T1036 #T1012 #T1016 #T1059.005 #T1027 #T1071.002 #T1027.002 #T1562.004 #T1111 #T1003.001 #T1140 #T1585.001 #T1005 #T1114.003 #T1053.005 #T1608.001 #T1105 #T1114.002 #T1589.002 #T1036.005 #T1534 #T1078.003 #T1552.001 #T1560.001 #T1136.001 #T1057 #T1082 #T1550.002 #T1518.001 #T1176 #T1566.001 #T1071.003 #T1585.002 #T1588.002 #T1036.004 #T1204.001 #T1586.002 #T1041 #T1219 #T1589.003 #T1071.001 #T1564.002 #T1112 #T1218.005 #T1059.001 #T1593.001 #T1040 #T1546.001 #T1056.001 #T1070.006 #T1102.002 #T1583.006 #T1564.003 #T1098 #T1593.002 #T1547.001 #T1567.002 #T1059.007 #T1070.004 #T1560.003 #T1505.003 #T1583.004 #T1204.002 #T1055 #T1059.006 #T1083 #T1133 #T1566.002 #T1021.001 #T1584.001
2024-07-31
Attack IQ
#Andariel #Blacksmith #T1562 #T1069 #T1047 #T1012 #T1016 #T1018 #T1543.003 #T1136.001 #T1654 #T1057 #T1082 #T1518.001 #T1003.001 #T1098 #T1049 #T1105 #T1087 #T1083 #T1033 #T1003
2024-07-19
Cyfirma
#Trend #Andariel #Kimsuky #MoonstoneSleet #Lazarus #T1562.001 #T1190 #T1068 #T1543.003 #T1056 #T1595.002 #T1059.003 #T1566 #T1485 #T1218.011 #T1069.002 #T1010 #T1571 #T1102.001 #T1583.001 #T1555.003 #T1033 #T1497.001 #T1203 #T1036 #T1012 #T1027 #T1583.003 #T1071 #T1562.004 #T1614 #T1027.005 #T1548 #T1552 #T1140 #T1005 #T1053.005 #T1564.001 #T1555 #T1129 #T1070.001 #T1046 #T1070 #T1095 #T1569.002 #T1562 #T1573 #T1047 #T1552.001 #T1057 #T1082 #T1518.001 #T1176 #T1090 #T1518 #T1539 #T1041 #T1564 #T1560 #T1202 #T1071.001 #T1547 #T1112 #T1497 #T1059.001 #T1124 #T1056.001 #T1222 #T1070.006 #T1059 #T1564.003 #T1222.001 #T1056.004 #T1547.001 #T1584 #T1087.002 #T1070.004 #T1505.003 #T1113 #T1608.005 #T1204.002 #T1087 #T1574.002 #T1115 #T1083 #T1490 #T1053 #T1486 #T1566.002 #T1133 #T1021.004 #T1003
2024-03-30
haidragon
#Kimsuky #TODDLERSHARK #T1060 #T1112 #T1012 #T1064 #T1059 #T1082
2024-03-21
Secu I
#APT37 #RokRAT #LNK #T1573 #T1203 #T1036 #T1012 #T1106 #T1027 #T1564.003 #T1071 #T1057 #T1082 #T1485 #T1027.004 #T1548 #T1564.001 #T1564 #T1560 #T1202 #T1070 #T1497 #T1059.001 #T1033 #T1059 #T1003
2023-04-28
Ahnlab
#SupplyChain #3CXDesktopApp #SmoothOperator #T1012 #T1574.002 #T1071.001
2023-04-20
Mandiant
#SupplyChain #UNC4736 #YARA #3CXDesktopApp #SmoothOperator #X_Trader #UNC4469 #UNC3782 #T1573 #T1190 #T1608 #T1036 #T1012 #T1588.004 #T1027 #T1622 #T1071 #T1565.001 #T1082 #T1574 #T1614 #T1614.001 #T1620 #T1140 #T1608.003 #T1070.004 #T1036.001 #T1195 #T1071.004 #T1070.001 #T1105 #T1071.001 #T1195.002 #T1588 #T1055 #T1574.002 #T1070 #T1112 #T1083 #T1565 #T1497 #T1573.002 #T1497.001
2023-04-14
Attack IQ
#SupplyChain #3CXDesktopApp #SmoothOperator #T1055 #T1069.001 #T1543.003 #T1012 #T1016.001 #T1547.002 #T1087.001 #T1620 #T1049 #T1105 #T1071.001 #T1070.006 #T1574.001 #T1057 #T1082
2023-03-28
Threat Mon
#APT37 #Chinotto #T1059.003 #T1012 #T1010 #T1027.005 #T1129 #T1027 #T1056.001 #T1564.003 #T1059
2023-02-23
ESET
#Wslink #T1134.002 #T1012 #T1016 #T1106 #T1057 #T1082 #T1614 #T1614.001 #T1087.001 #T1135 #T1049 #T1087.002 #T1005 #T1070.004 #T1587.001 #T1531 #T1083 #T1059.001 #T1033 #T1560.002
2023-02-02
With Secure
#Whitepaper #NoPineapple #DTrack #GREASE #Zimbra #T1090.001 #T1136 #T1190 #T1012 #T1016 #T1106 #T1018 #T1071 #T1070.007 #T1057 #T1082 #T1119 #T1556 #T1037.005 #T1003.001 #T1553 #T1049 #T1087.002 #T1078 #T1070.004 #T1587.002 #T1053.005 #T1041 #T1505.003 #T1560 #T1071.001 #T1090.002 #T1083 #T1114.002 #T1033 #T1036.005 #T1021.001 #T1074 #T1059 #T1569.002
2023-01-05
Attack IQ
#Trend #DreamJob #Inception #MagicRAT #Sharpshooter #ThreatNeedle #T1025 #T1047 #T1012 #T1016 #T1543.003 #T1057 #T1082 #T1552.002 #T1074.001 #T1572 #T1218.011 #T1547.001 #T1049 #T1003.002 #T1053.005 #T1041 #T1048.001 #T1105 #T1071.001 #T1220 #T1046 #T1218.010 #T1055 #T1112 #T1083 #T1007 #T1033 #T1036.005 #T1003
« Back