mandiant / capa-rules

Standard collection of rules for capa: the tool for enumerating the capabilities of programs
https://github.com/mandiant/capa/
Apache License 2.0

create or modify Windows registry via WinAPI #321

Closed Ana06 closed 3 years ago

Ana06 commented 3 years ago

Rule name

create or modify Windows registry via WinAPI

Summary

Create Windows registry keys or values using the Windows API (WinAPI): https://docs.microsoft.com/en-us/windows/win32/sysinfo/registry-functions

Examples

Publicly available samples that contain the capability this rule should detect:

References

Links or references to additional information on the capability (can also be included in the rule):

Namespace

Proposed namespace: host-interaction/registry. More details in https://github.com/fireeye/capa-rules/blob/master/doc/format.md#rule-namespace

att&ck

aka.mitre.att&ck.t1012
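A draft of what the proposed rule could look like in capa's rule format, added here as an illustration and not taken from the capa-rules repository. It matches the registry-creation and registry-modification WinAPI functions documented at the Microsoft link above; capa normalizes the `A`/`W` suffixes, so `advapi32.RegSetValueEx` covers both `RegSetValueExA` and `RegSetValueExW`. The author and sample-hash fields are placeholders (the project's linter requires real values), and the single `scope: function` form follows the format document linked above.

```yaml
# Added example of a capa rule for this issue; not a rule shipped in capa-rules.
rule:
  meta:
    name: create or modify Windows registry via WinAPI
    namespace: host-interaction/registry
    authors:
      - placeholder@example.com   # placeholder, replace with the contributor
    scope: function
    references:
      - https://docs.microsoft.com/en-us/windows/win32/sysinfo/registry-functions
    examples:
      - 0000000000000000000000000000000000000000000000000000000000000000  # placeholder sample hash
  features:
    - or:
      # create a key (or open it if it already exists)
      - api: advapi32.RegCreateKey
      - api: advapi32.RegCreateKeyEx
      - api: advapi32.RegCreateKeyTransacted
      # write a value
      - api: advapi32.RegSetValue
      - api: advapi32.RegSetValueEx
      - api: advapi32.RegSetKeyValue
      # remove a key or value
      - api: advapi32.RegDeleteKey
      - api: advapi32.RegDeleteKeyEx
      - api: advapi32.RegDeleteValue
      - api: advapi32.RegDeleteKeyValue
```

Because capa rules can reference other rules by name with a `match:` feature, a combined rule like this is usually written as `- or:` over `- match: create or open registry key`, `- match: set registry value` and `- match: delete registry value` rather than repeating the API list, so that the individual rules stay the single place where those APIs are maintained.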

mr-tz commented 3 years ago

see create or open registry key, set registry value, delete registry value?

Ana06 commented 3 years ago

🙈