Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) |
Attack Pattern |
Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) |
Course of Action |
1 |
Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) |
Course of Action |
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) |
Attack Pattern |
1 |
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) |
Attack Pattern |
Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) |
Course of Action |
1 |
Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) |
Course of Action |
Time Providers - T1547.003 (61afc315-860c-4364-825d-0d62b2e91edc) |
Attack Pattern |
1 |
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) |
Attack Pattern |
Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) |
Course of Action |
1 |
Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) |
Attack Pattern |
Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) |
Course of Action |
1 |
Code Signing Policy Modification - T1553.006 (565275d5-fcc3-4b66-b4e7-928e4cac6b8c) |
Attack Pattern |
Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) |
Course of Action |
1 |
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) |
Course of Action |
1 |
Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) |
Course of Action |
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) |
Attack Pattern |
1 |
Services Registry Permissions Weakness - T1574.011 (17cc750b-e95b-4d7d-9dde-49e0de24148c) |
Attack Pattern |
Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) |
Course of Action |
1 |
Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) |
Course of Action |
Network Provider DLL - T1556.008 (90c4a591-d02d-490b-92aa-619d9701ac04) |
Attack Pattern |
1 |
Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) |
Course of Action |
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) |
Attack Pattern |
1 |
Terminal Services DLL - T1505.005 (379809f6-2fac-42c1-bd2e-e9dee70b27f8) |
Attack Pattern |
Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) |
Course of Action |
1 |
Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) |
Course of Action |
Clear Network Connection History and Configurations - T1070.007 (3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc) |
Attack Pattern |
1 |
Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) |
Course of Action |
SIP and Trust Provider Hijacking - T1553.003 (543fceb5-cb92-40cb-aacf-6913d4db58bc) |
Attack Pattern |
1 |
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) |
Attack Pattern |
Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) |
Course of Action |
1 |
Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) |
Course of Action |
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) |
Attack Pattern |
1 |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) |
Course of Action |
1 |
Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) |
Course of Action |
COR_PROFILER - T1574.012 (ffeb0780-356e-4261-b036-cfb6bd234335) |
Attack Pattern |
1 |
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
Restrict Registry Permissions - M1024 (a2c36a5d-4058-475e-8e77-fff75e50d3b9) |
Course of Action |
1 |
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) |
Attack Pattern |
2 |
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) |
Attack Pattern |
Time Providers - T1547.003 (61afc315-860c-4364-825d-0d62b2e91edc) |
Attack Pattern |
2 |
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) |
Attack Pattern |
Logon Script (Windows) - T1037.001 (eb125d40-0b2d-41ac-a71a-3229241c2cd3) |
Attack Pattern |
2 |
Code Signing Policy Modification - T1553.006 (565275d5-fcc3-4b66-b4e7-928e4cac6b8c) |
Attack Pattern |
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) |
Attack Pattern |
2 |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
Services Registry Permissions Weakness - T1574.011 (17cc750b-e95b-4d7d-9dde-49e0de24148c) |
Attack Pattern |
2 |
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) |
Attack Pattern |
Network Provider DLL - T1556.008 (90c4a591-d02d-490b-92aa-619d9701ac04) |
Attack Pattern |
2 |
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) |
Attack Pattern |
2 |
Terminal Services DLL - T1505.005 (379809f6-2fac-42c1-bd2e-e9dee70b27f8) |
Attack Pattern |
Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb) |
Attack Pattern |
2 |
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) |
Attack Pattern |
Clear Network Connection History and Configurations - T1070.007 (3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc) |
Attack Pattern |
2 |
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) |
Attack Pattern |
SIP and Trust Provider Hijacking - T1553.003 (543fceb5-cb92-40cb-aacf-6913d4db58bc) |
Attack Pattern |
2 |
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) |
Attack Pattern |
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) |
Attack Pattern |
2 |
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) |
Attack Pattern |
COR_PROFILER - T1574.012 (ffeb0780-356e-4261-b036-cfb6bd234335) |
Attack Pattern |
2 |