ioc[.]one - OSINT Cyber Threat Intelligence Database

Hunting for Persistence: Registry Run Keys / Startup Folder

Tags

maec-delivery-vectors:

Watering Hole

attack-pattern:

Data Application Shimming - T1546.011 File Deletion - T1070.004 File Deletion - T1630.002 Firmware - T1592.003 Hardware - T1592.001 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Process Doppelgänging - T1055.013 Process Hollowing - T1055.012 Registry Run Keys / Startup Folder - T1547.001 Software - T1592.002 Tool - T1588.002 Application Shimming - T1138 File Deletion - T1107 Powershell - T1086 Process Doppelgänging - T1186 Process Hollowing - T1093 Registry Run Keys / Start Folder - T1060

Show in Graph

Common Information

Type	Value
UUID	2559599d-1208-49e0-809e-ab02734c14c1
Fingerprint	362c927e21a9c8cb
Analysis status	DONE
Considered CTI value	2
Text language
Published	Aug. 19, 2024, midnight
Added to db	Aug. 31, 2024, 5:18 a.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	Hunting for Persistence: Registry Run Keys / Startup Folder
Title	Hunting for Persistence: Registry Run Keys / Startup Folder
Detected Hints/Tags/Attributes	47/2/14

Source URLs

	Redirection	Url
Details	Source	https://intel471.com/blog/hunting-for-persistence-registry-run-keys-startup-folder

URL Provider

Details	Provider	Source level domain
Details	intel471.com	intel471.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	138	✔	Intel471	https://intel471.com/blog/feed	2024-08-30 22:08

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	2		rollingstone.com
Details	File	79		regedit.exe
Details	MITRE ATT&CK Techniques	380		T1547.001
Details	Threat Actor Identifier - APT	53		APT39
Details	Threat Actor Identifier - APT	522		APT41
Details	Threat Actor Identifier - FIN	377		FIN7
Details	Windows Registry Key	582		HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Details	Windows Registry Key	480		HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
Details	Windows Registry Key	493		HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Details	Windows Registry Key	470		HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
Details	Windows Registry Key	10		HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User
Details	Windows Registry Key	11		HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell
Details	Windows Registry Key	5		HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell
Details	Windows Registry Key	5		HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User