Matrices
Enterprise
Mobile
ICS
Tactics
Enterprise
Mobile
ICS
Techniques
Enterprise
Mobile
ICS
Defenses
Mitigations
Enterprise
Mobile
ICS
Assets
Detections
Detection Strategies
Analytics
Data Components
CTI
Groups
Software
Campaigns
Search
Unofficial community mirror of
attack.mitre.org
— content © The MITRE Corporation. For authoritative content, always refer to the official site.
Home
Data Components
Windows Registry Key Creation
Windows Registry Key Creation
Initial construction of a new registry key within the Windows operating system.
ID:
DC0056
Domains
: Enterprise
Version
: 2.0
Created
: 20 October 2021
Last Modified
: 12 November 2025
Log Sources
Name
Channel
WinEventLog:Sysmon
EventCode=12
Detection Strategy
ID
Name
Technique Detected
DET0496
Behavior-Chain Detection for Remote Access Tools (Tool-Agnostic)
T1219
DET0312
Detect Active Setup Persistence via StubPath Execution
T1547.014
DET0225
Detect unauthorized LSASS driver persistence via LSA plugin abuse (Windows)
T1547.008
DET0901
Detect Windows Firewall
T1686.003
DET0361
Detecting .NET COM Registration Abuse via Regsvcs/Regasm
T1218.009
DET0222
Detecting MMC (.msc) Proxy Execution and Malicious COM Activation
T1218.014
DET0194
Detection of Malicious Control Panel Item Execution via control.exe or Rundll32
T1218.002
DET0328
Detection of Malicious Profile Installation via CMSTP.exe
T1218.003
DET0422
Detection Strategy for IFEO Injection on Windows
T1546.012
DET0116
Detection Strategy for Safe Mode Boot Abuse
T1688
DET0056
Detection Strategy for Subvert Trust Controls via Install Root Certificate.
T1553.004
×
Core Objects:
All
Core ATT&CK Objects
All
None
Matrices
Tactics
Techniques
Sub-Techniques
Defenses:
All
Defenses
All
None
Mitigations
Assets
Detection Strategies
Analytics
Data Components
CTI:
All
CTI
All
None
Groups
Software
Campaigns
Reference:
All
Reference
All
None
Resources
Domains:
All
Domains
All
None
Enterprise
Mobile
ICS
Reset filters