Check out the results from our first round of ATT&CK Evaluations at attackevals.mitre.org!

Reg

Reg is a Windows utility used to interact with the Windows Registry. It can be used at the command-line interface to query, add, modify, and remove information. [1]

Utilities such as Reg are known to be used by persistent threats. [2]

ID: S0075
Aliases: Reg, reg.exe
Type: TOOL
Platforms: Windows

Version: 1.0

Techniques Used

DomainIDNameUse
EnterpriseT1214Credentials in RegistryReg may be used to find credentials in the Windows Registry.[3]
EnterpriseT1112Modify RegistryReg may be used to interact with and modify the Windows Registry of a local or remote system at the command-line interface.[1]
EnterpriseT1012Query RegistryReg may be used to gather details from the Windows Registry of a local or remote system at the command-line interface.[1]

Groups

Groups that use this software:

Dragonfly 2.0
Honeybee
OilRig
Rancor
Turla

References