Esc
Query Registry - T1012

(ATT&CK® Technique)
Definition

Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
D3FEND Inferred Relationships

Browse the D3FEND knowledge graph by clicking on the nodes below.
        graph LR;

     T1012["Query Registry"] --> |accesses| SystemConfigurationDatabase["System Configuration Database"]; class T1012 OffensiveTechniqueNode;
        class SystemConfigurationDatabase ArtifactNode; click SystemConfigurationDatabase href "/dao/artifact/d3f:SystemConfigurationDatabase";
        click T1012 href "/offensive-technique/attack/T1012/"; click SystemConfigurationDatabase href "/dao/artifact/d3f:SystemConfigurationDatabase"; T1012["Query Registry"] --> |may-invoke| GetSystemConfigValue["Get System Config Value"]; class T1012 OffensiveTechniqueNode;
        class GetSystemConfigValue ArtifactNode; click GetSystemConfigValue href "/dao/artifact/d3f:GetSystemConfigValue";
        click T1012 href "/offensive-technique/attack/T1012/"; click GetSystemConfigValue href "/dao/artifact/d3f:GetSystemConfigValue";                          SystemCallAnalysis["System Call Analysis"] -->
          | analyzes | GetSystemConfigValue["Get System Config Value"];

          SystemCallAnalysis["System Call Analysis"] -.->
            | may-detect | T1012["Query Registry"] ;
          class SystemCallAnalysis DefensiveTechniqueNode;
          class GetSystemConfigValue ArtifactNode;
          click SystemCallAnalysis href "/technique/d3f:SystemCallAnalysis"; SystemConfigurationPermissions["System Configuration Permissions"] -->
          | restricts | SystemConfigurationDatabase["System Configuration Database"];

          SystemConfigurationPermissions["System Configuration Permissions"] -.->
            | may-harden | T1012["Query Registry"] ;
          class SystemConfigurationPermissions DefensiveTechniqueNode;
          class SystemConfigurationDatabase ArtifactNode;
          click SystemConfigurationPermissions href "/technique/d3f:SystemConfigurationPermissions";                            RestoreDatabase["Restore Database"] -->
          | restores | SystemConfigurationDatabase["System Configuration Database"];

          RestoreDatabase["Restore Database"] -.->
            | may-restore | T1012["Query Registry"] ;
          class RestoreDatabase DefensiveTechniqueNode;
          class SystemConfigurationDatabase ArtifactNode;
          click RestoreDatabase href "/technique/d3f:RestoreDatabase";                           SystemCallFiltering["System Call Filtering"] -->
          | filters | GetSystemConfigValue["Get System Config Value"];

          SystemCallFiltering["System Call Filtering"] -.->
            | may-isolate | T1012["Query Registry"] ;
          class SystemCallFiltering DefensiveTechniqueNode;
          class GetSystemConfigValue ArtifactNode;
          click SystemCallFiltering href "/technique/d3f:SystemCallFiltering";
json