Reg

Reg is a Windows utility used to interact with the Windows Registry. It can be used at the command-line interface to query, add, modify, and remove information. [1]

Utilities such as Reg are known to be used by persistent threats. [2]

ID: S0075
Associated Software: reg.exe
Type: TOOL
Platforms: Windows
Version: 1.1
Created: 31 May 2017
Last Modified: 13 October 2022

Techniques Used

Domain ID Name Use
Enterprise T1112 Modify Registry

Reg may be used to interact with and modify the Windows Registry of a local or remote system at the command-line interface.[1]

Enterprise T1012 Query Registry

Reg may be used to gather details from the Windows Registry of a local or remote system at the command-line interface.[1]

Enterprise T1552 .002 Unsecured Credentials: Credentials in Registry

Reg may be used to find credentials in the Windows Registry.[3]

Groups That Use This Software

Campaigns

ID Name Description
C0006 Operation Honeybee

[10]

References