Windows Registry Key Creation

Initial construction of a new registry key within the Windows operating system.

ID: DC0056
Domains: Enterprise
Version: 2.0
Created: 20 October 2021
Last Modified: 12 November 2025

Log Sources

Name | Channel
WinEventLog:Sysmon | EventCode=12

Detection Strategy

ID | Name | Technique Detected
DET0496 | Behavior-Chain Detection for Remote Access Tools (Tool-Agnostic) | T1219
DET0312 | Detect Active Setup Persistence via StubPath Execution | T1547.014
DET0225 | Detect unauthorized LSASS driver persistence via LSA plugin abuse (Windows) | T1547.008
DET0361 | Detecting .NET COM Registration Abuse via Regsvcs/Regasm | T1218.009
DET0222 | Detecting MMC (.msc) Proxy Execution and Malicious COM Activation | T1218.014
DET0194 | Detection of Malicious Control Panel Item Execution via control.exe or Rundll32 | T1218.002
DET0328 | Detection of Malicious Profile Installation via CMSTP.exe | T1218.003
DET0422 | Detection Strategy for IFEO Injection on Windows | T1546.012
DET0317 | Detection Strategy for Impair Defenses Across Platforms | T1562
DET0116 | Detection Strategy for Safe Mode Boot Abuse | T1562.009
DET0056 | Detection Strategy for Subvert Trust Controls via Install Root Certificate. | T1553.004
© 2015 - 2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.