System Information Discovery via Registry Queries

Rule Info

Name
System Information Discovery via Registry Queries
Author
lazarg
Description
Detects attempts to query system information directly from the Windows Registry.
Reference
https://cert.gov.ua/article/6277849
Date
2025-06-12 00:00:00
Modified
None
Id
0022869c-49f7-4ff2-ba03-85ac42ddac58
Tags
attack.discovery attack.t1082
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=0022869c-49f7-4ff2-ba03-85ac42ddac58

Rule History

Author
Title
Date
Commit
lazarg
Merge PR #5243 from @xlazarg - System Information Discovery via Registry Queries
2025-06-12
dca02df74
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022