Hide Navigation Hide TOC

Windows Registry Key Creation (7f70fae7-a68d-4730-a83a-f260b9606129)

Initial construction of a new Registry Key (ex: Windows EID 4656 or Sysmon EID 12)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d)	Attack Pattern	Windows Registry Key Creation (7f70fae7-a68d-4730-a83a-f260b9606129)	mitre-data-component	1
Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3)	Attack Pattern	Windows Registry Key Creation (7f70fae7-a68d-4730-a83a-f260b9606129)	mitre-data-component	1
Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	Windows Registry Key Creation (7f70fae7-a68d-4730-a83a-f260b9606129)	mitre-data-component	1
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	Windows Registry Key Creation (7f70fae7-a68d-4730-a83a-f260b9606129)	mitre-data-component	1
Network Provider DLL - T1556.008 (90c4a591-d02d-490b-92aa-619d9701ac04)	Attack Pattern	Windows Registry Key Creation (7f70fae7-a68d-4730-a83a-f260b9606129)	mitre-data-component	1
Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a)	Attack Pattern	Windows Registry Key Creation (7f70fae7-a68d-4730-a83a-f260b9606129)	mitre-data-component	1
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Windows Registry Key Creation (7f70fae7-a68d-4730-a83a-f260b9606129)	mitre-data-component	1
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Windows Registry Key Creation (7f70fae7-a68d-4730-a83a-f260b9606129)	mitre-data-component	1
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	Windows Registry Key Creation (7f70fae7-a68d-4730-a83a-f260b9606129)	mitre-data-component	1
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4)	Attack Pattern	Windows Registry Key Creation (7f70fae7-a68d-4730-a83a-f260b9606129)	mitre-data-component	1
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Windows Registry Key Creation (7f70fae7-a68d-4730-a83a-f260b9606129)	mitre-data-component	1
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	Windows Registry Key Creation (7f70fae7-a68d-4730-a83a-f260b9606129)	mitre-data-component	1
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Windows Registry Key Creation (7f70fae7-a68d-4730-a83a-f260b9606129)	mitre-data-component	1
Safe Mode Boot - T1562.009 (28170e17-8384-415c-8486-2e6b294cb803)	Attack Pattern	Windows Registry Key Creation (7f70fae7-a68d-4730-a83a-f260b9606129)	mitre-data-component	1
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	Windows Registry Key Creation (7f70fae7-a68d-4730-a83a-f260b9606129)	mitre-data-component	1
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Windows Registry Key Creation (7f70fae7-a68d-4730-a83a-f260b9606129)	mitre-data-component	1
Browser Extensions - T1176 (389735f1-f21c-4208-b8f0-f8031e7169b8)	Attack Pattern	Windows Registry Key Creation (7f70fae7-a68d-4730-a83a-f260b9606129)	mitre-data-component	1
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a)	Attack Pattern	Windows Registry Key Creation (7f70fae7-a68d-4730-a83a-f260b9606129)	mitre-data-component	1
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839)	Attack Pattern	Windows Registry Key Creation (7f70fae7-a68d-4730-a83a-f260b9606129)	mitre-data-component	1
Active Setup - T1547.014 (22522668-ddf6-470b-a027-9d6866679f67)	Attack Pattern	Windows Registry Key Creation (7f70fae7-a68d-4730-a83a-f260b9606129)	mitre-data-component	1
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Windows Registry Key Creation (7f70fae7-a68d-4730-a83a-f260b9606129)	mitre-data-component	1
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	Windows Registry Key Creation (7f70fae7-a68d-4730-a83a-f260b9606129)	mitre-data-component	1
Add-ins - T1137.006 (34f1d81d-fe88-4f97-bd3b-a3164536255d)	Attack Pattern	Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	2
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3)	Attack Pattern	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Fileless Storage - T1027.011 (02c5abff-30bf-4703-ab92-1f6072fae939)	Attack Pattern	2
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	Network Provider DLL - T1556.008 (90c4a591-d02d-490b-92aa-619d9701ac04)	Attack Pattern	2
Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a)	Attack Pattern	Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	2
Safe Mode Boot - T1562.009 (28170e17-8384-415c-8486-2e6b294cb803)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	2
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32)	Attack Pattern	Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5)	Attack Pattern	2
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	2
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839)	Attack Pattern	2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	Active Setup - T1547.014 (22522668-ddf6-470b-a027-9d6866679f67)	Attack Pattern	2