Reg

Reg is a Windows utility used to interact with the Windows Registry. It can be used at the command-line interface to query, add, modify, and remove information. (Citation: Microsoft Reg) Utilities such as Reg are known to be used by persistent threats. (Citation: Windows Commands JPCERT)
ID: S0075
Type: TOOL
Platforms: Windows
Version: 1.1
Created: 31 May 2017
Last Modified: 13 Oct 2022

Techniques Used

Domain      ID         Name                                            Use
Enterprise  T1552.002  Unsecured Credentials: Credentials in Registry  Reg may be used to find credentials in the Windows Registry. (Citation: Pentestlab Stored Credentials)

Groups That Use This Software

ID     Name             References
G0074  Dragonfly 2.0    (Citation: US-CERT TA18-074A)
G0075  Rancor           (Citation: Rancor Unit42 June 2018)
G0049  OilRig           (Citation: Palo Alto OilRig May 2016) (Citation: FireEye APT34 Dec 2017)
G0072  Honeybee         (Citation: McAfee Honeybee)
G1034  Daggerfly        (Citation: Symantec Daggerfly 2023)
G0035  Dragonfly        (Citation: US-CERT TA18-074A)
G0093  GALLIUM          (Citation: Cybereason Soft Cell June 2019)
G0010  Turla            (Citation: Kaspersky Turla)
G0047  Gamaredon Group  (Citation: unit42_gamaredon_dec2022)
G1017  Volt Typhoon     (Citation: CISA AA24-038A PRC Critical Infrastructure February 2024)

References

  1. Sherstobitoff, R. (2018, March 02). McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups. Retrieved May 16, 2018.
  2. US-CERT. (2018, March 16). Alert (TA18-074A): Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors. Retrieved June 6, 2018.
  3. Microsoft. (2012, April 17). Reg. Retrieved May 1, 2015.
  4. Tomonaga, S. (2016, January 26). Windows Commands Abused by Attackers. Retrieved February 2, 2016.
  5. netbiosX. (2017, April 19). Stored Credentials. Retrieved April 6, 2018.
  6. Ash, B., et al. (2018, June 26). RANCOR: Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families. Retrieved July 2, 2018.
  7. Falcone, R. and Lee, B. (2016, May 26). The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor. Retrieved May 3, 2017.
  8. Sardiwal, M., et al. (2017, December 7). New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit. Retrieved December 20, 2017.
  9. Threat Hunter Team. (2023, April 20). Daggerfly: APT Actor Targets Telecoms Company in Africa. Retrieved July 25, 2024.
  10. Cybereason Nocturnus. (2019, June 25). Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers. Retrieved July 18, 2019.
  11. Kaspersky Lab's Global Research and Analysis Team. (2014, August 7). The Epic Turla Operation: Solving some of the mysteries of Snake/Uroburos. Retrieved December 11, 2014.
  12. Unit 42. (2022, December 20). Russia’s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine. Retrieved September 12, 2024.
  13. CISA et al. (2024, February 7). PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure. Retrieved May 15, 2024.