Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9)

Restrict the ability to modify certain hives or keys in the Windows Registry.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) | Course of Action | Code Signing Policy Modification - T1553.006 (565275d5-fcc3-4b66-b4e7-928e4cac6b8c) | Attack Pattern | 1 |
| Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) | Course of Action | Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | 1 |
| Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) | Course of Action | Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) | Attack Pattern | 1 |
| Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) | Course of Action | Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) | Attack Pattern | 1 |
| Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) | Course of Action | Services Registry Permissions Weakness - T1574.011 (17cc750b-e95b-4d7d-9dde-49e0de24148c) | Attack Pattern | 1 |
| Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) | Course of Action | Network Provider DLL - T1556.008 (90c4a591-d02d-490b-92aa-619d9701ac04) | Attack Pattern | 1 |
| Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) | Course of Action | Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) | Attack Pattern | 1 |
| Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) | Course of Action | Terminal Services DLL - T1505.005 (379809f6-2fac-42c1-bd2e-e9dee70b27f8) | Attack Pattern | 1 |
| Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) | Course of Action | Clear Network Connection History and Configurations - T1070.007 (3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc) | Attack Pattern | 1 |
| Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) | Course of Action | SIP and Trust Provider Hijacking - T1553.003 (543fceb5-cb92-40cb-aacf-6913d4db58bc) | Attack Pattern | 1 |
| Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) | Course of Action | Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) | Attack Pattern | 1 |
| Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) | Course of Action | Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) | Attack Pattern | 1 |
| Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) | Course of Action | Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) | Attack Pattern | 1 |
| Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) | Course of Action | COR_PROFILER - T1574.012 (ffeb0780-356e-4261-b036-cfb6bd234335) | Attack Pattern | 1 |
| Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) | Course of Action | Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) | Attack Pattern | 1 |
| Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) | Course of Action | Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) | Attack Pattern | 1 |
| Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) | Course of Action | Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) | Attack Pattern | 1 |
| Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) | Course of Action | Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) | Attack Pattern | 1 |
| Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) | Course of Action | Time Providers - T1547.003 (61afc315-860c-4364-825d-0d62b2e91edc) | Attack Pattern | 1 |
| Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) | Course of Action | Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) | Attack Pattern | 1 |
| Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) | Attack Pattern | Code Signing Policy Modification - T1553.006 (565275d5-fcc3-4b66-b4e7-928e4cac6b8c) | Attack Pattern | 2 |
| Services Registry Permissions Weakness - T1574.011 (17cc750b-e95b-4d7d-9dde-49e0de24148c) | Attack Pattern | Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) | Attack Pattern | 2 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) | Attack Pattern | Network Provider DLL - T1556.008 (90c4a591-d02d-490b-92aa-619d9701ac04) | Attack Pattern | 2 |
| Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) | Attack Pattern | Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | 2 |
| Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) | Attack Pattern | Terminal Services DLL - T1505.005 (379809f6-2fac-42c1-bd2e-e9dee70b27f8) | Attack Pattern | 2 |
| Clear Network Connection History and Configurations - T1070.007 (3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc) | Attack Pattern | Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) | Attack Pattern | 2 |
| Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) | Attack Pattern | SIP and Trust Provider Hijacking - T1553.003 (543fceb5-cb92-40cb-aacf-6913d4db58bc) | Attack Pattern | 2 |
| Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) | Attack Pattern | Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | 2 |
| COR_PROFILER - T1574.012 (ffeb0780-356e-4261-b036-cfb6bd234335) | Attack Pattern | Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) | Attack Pattern | 2 |
| Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) | Attack Pattern | Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | 2 |
| Time Providers - T1547.003 (61afc315-860c-4364-825d-0d62b2e91edc) | Attack Pattern | Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) | Attack Pattern | 2 |
| Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) | Attack Pattern | Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) | Attack Pattern | 2 |