The Windows Registry Adventure #5: The regf file format
Tags
attack-pattern: | Data Direct Exploits - T1587.004 Exploits - T1588.005 Hardware - T1592.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Vulnerabilities - T1588.006 |
Common Information
Type | Value |
---|---|
UUID | 65e8b549-b4bb-4c02-b5e7-95ccfee59ee8 |
Fingerprint | 765b401794a7e285 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Dec. 19, 2024, 11:03 a.m. |
Added to db | Dec. 21, 2024, 3:29 a.m. |
Last updated | Dec. 21, 2024, 4:22 a.m. |
Headline | Project Zero |
Title | The Windows Registry Adventure #5: The regf file format |
Detected Hints/Tags/Attributes | 86/1/40 |
Source URLs
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 130 | ✔ | Project Zero | https://googleprojectzero.blogspot.com/feeds/posts/default | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | CVE | 4 | cve-2022-37988 |
|
Details | CVE | 15 | cve-2024-43452 |
|
Details | CVE | 14 | cve-2023-35386 |
|
Details | CVE | 11 | cve-2023-38154 |
|
Details | CVE | 4 | cve-2022-38037 |
|
Details | CVE | 8 | cve-2023-35357 |
|
Details | CVE | 8 | cve-2023-35358 |
|
Details | CVE | 5 | cve-2023-35633 |
|
Details | CVE | 1 | cve-2015-0073 |
|
Details | CVE | 3 | cve-2019-0881 |
|
Details | CVE | 1 | cve-2024-26178 |
|
Details | CVE | 4 | cve-2023-21748 |
|
Details | CVE | 6 | cve-2023-23420 |
|
Details | CVE | 4 | cve-2023-21747 |
|
Details | CVE | 5 | cve-2022-37956 |
|
Details | CVE | 2 | cve-2024-26182 |
|
Details | CVE | 3 | cve-2022-34708 |
|
Details | CVE | 3 | cve-2022-35768 |
|
Details | CVE | 4 | cve-2022-34707 |
|
Details | CVE | 4 | cve-2023-28248 |
|
Details | CVE | 10 | cve-2023-35356 |
|
Details | CVE | 13 | cve-2023-35382 |
|
Details | CVE | 2 | cve-2023-38139 |
|
Details | CVE | 15 | cve-2024-43641 |
|
Details | CVE | 1 | cve-2024-26173 |
|
Details | CVE | 4 | cve-2022-37991 |
|
Details | CVE | 1 | cve-2024-26176 |
|
Details | Domain | 2 | proto.hiv |
|
Details | File | 139 | ntoskrnl.exe |
|
Details | File | 15 | settings.dat |
|
Details | File | 2 | activationstore.dat |
|
Details | File | 2 | offreg.dll |
|
Details | File | 15 | activeds.dll |
|
Details | File | 193 | reg.exe |
|
Details | File | 1 | _cm_key_value.dat |
|
Details | Windows Registry Key | 3 | HKLM\HARDWARE |
|
Details | Windows Registry Key | 1 | HKLM\BCD00000000 |
|
Details | Windows Registry Key | 53 | HKLM\Software\Microsoft\Windows |
|
Details | Windows Registry Key | 18 | HKLM\Software |
|
Details | Windows Registry Key | 42 | HKLM\System\CurrentControlSet\Control\Session |