| ID | E1112 |
| Objective(s) | Defense Evasion, Persistence |
| Related ATT&CK Technique | Modify Registry |
Malware may make changes to the Windows Registry to hide execution or to persist on the system (note that ATT&CK does not extend this behavior to the Persistence objective).
See ATT&CK: Modify Registry.
| Name | Date | Description |
|---|---|---|
| TrickBot | 2016 | Trojan spyware program that has mainly been used for targeting banking sites. |
| Poison-Ivy | 2005 | After the Poison-Ivy server is running on the target machine, the attacker can use a Windows GUI client to control the target computer. [1] |
[1] https://www.cyber.nj.gov/threat-profiles/trojan-variants/poison-ivy