T1012 - Query Registry
Tactics:
Discovery
Platforms:
Windows
Detection:
Not specified
Description:
Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
The Registry contains a significant amount of information about the operating system, configuration, software, and security.(Citation: Wikipedia Windows Registry) Information can easily be queried using the [Reg](https://attack.mitre.org/software/S0075) utility, though other means to access the Registry exist. Some of the information may help adversaries to further their operation within a network. Adversaries may use the information from [Query Registry](https://attack.mitre.org/techniques/T1012) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Used by Actors (19)
| Turla | Nation-state |
| Lazarus Group | Nation-state |
| Stealth Falcon | Nation-state |
| OilRig | Nation-state |
| Gamaredon Group | Unknown |
| APT32 | Nation-state |
| Kimsuky | Nation-state |
| INDRIK SPIDER | Unknown |
| APT39 | Unknown |
| APT41 | Nation-state |
| Fox Kitten | Unknown |
| Volt Typhoon | Unknown |
| Dragonfly | Unknown |
| Daggerfly | Unknown |
| Chimera | Unknown |
| BlackByte | Unknown |
| Threat Group-3390 | Unknown |
| ZIRCONIUM | Unknown |
| Lotus Blossom | Unknown |
Malware (20)
SynAck other
Bumblebee other
Proxysvc other
Stuxnet other
POWRUNER other
Ursnif other
POWERSOURCE other
Zeus Panda other
Bankshot other
Brave Prince other
TinyTurla other
Crimson other
TEARDROP other
DUSTTRAP other
PUBLOAD other
Woody RAT other
Mafalda other
HOPLIGHT other
WastedLocker other
InvisiMole other
Metadata
| MITRE ID: | T1012 |
| STIX ID: | attack-pattern--c32f7008-9fea-... |
| Platforms: | Windows |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |