Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067)

Implement configuration changes to software (other than the operating system) to mitigate security risks associated with how the software operates.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) | Attack Pattern | Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) | Course of Action | 1 |
| Forge Web Credentials - T1606 (94cb00a4-b295-4d06-aa2b-5653b9c1be9c) | Attack Pattern | Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) | Course of Action | 1 |
| Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) | Course of Action | Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | 1 |
| Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) | Course of Action | Web Cookies - T1606.001 (861b8fd2-57f3-4ee1-ab5d-c19c3b8c7a4a) | Attack Pattern | 1 |
| Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) | Attack Pattern | Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) | Course of Action | 1 |
| Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) | Attack Pattern | Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) | Course of Action | 1 |
| Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) | Course of Action | Network Device Configuration Dump - T1602.002 (52759bf1-fe12-4052-ace6-c5b0cf7dd7fd) | Attack Pattern | 1 |
| Steal Web Session Cookie - T1539 (10ffac09-e42d-4f56-ab20-db94c67d76ff) | Attack Pattern | Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) | Course of Action | 1 |
| Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a) | Attack Pattern | Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) | Course of Action | 1 |
| Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) | Course of Action | Web Session Cookie - T1550.004 (c3c8c916-2f3c-4e71-94b2-240bdfc996f0) | Attack Pattern | 1 |
| Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) | Attack Pattern | Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) | Course of Action | 1 |
| Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) | Attack Pattern | Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) | Course of Action | 1 |
| Downgrade Attack - T1562.010 (824add00-99a1-4b15-9a2d-6c5683b7b497) | Attack Pattern | Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) | Course of Action | 1 |
| Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) | Course of Action | Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) | Attack Pattern | 1 |
| Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) | Attack Pattern | Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) | Course of Action | 1 |
| Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) | Course of Action | Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21) | Attack Pattern | 1 |
| Unused/Unsupported Cloud Regions - T1535 (59bd0dec-f8b2-4b9a-9141-37a1e6899761) | Attack Pattern | Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) | Course of Action | 1 |
| Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) | Course of Action | Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d) | Attack Pattern | 1 |
| Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) | Course of Action | Data from Configuration Repository - T1602 (0ad7bc5c-235a-4048-944b-3b286676cb74) | Attack Pattern | 1 |
| Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) | Course of Action | Indicator Blocking - T1562.006 (74d2a63f-3c7b-4852-92da-02d8fbab16da) | Attack Pattern | 1 |
| Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) | Attack Pattern | Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) | Course of Action | 1 |
| Safe Mode Boot - T1562.009 (28170e17-8384-415c-8486-2e6b294cb803) | Attack Pattern | Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) | Course of Action | 1 |
| Transfer Data to Cloud Account - T1537 (d4bdbdea-eaec-4071-b4f9-5105e12ea4b6) | Attack Pattern | Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) | Course of Action | 1 |
| Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) | Course of Action | Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) | Attack Pattern | 1 |
| Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) | Course of Action | Spearphishing Attachment - T1598.002 (8982a661-d84c-48c0-b4ec-1db29c6cf3bc) | Attack Pattern | 1 |
| PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3) | Attack Pattern | Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) | Course of Action | 1 |
| Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) | Attack Pattern | Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) | Course of Action | 1 |
| Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) | Course of Action | Container Service - T1543.005 (b0e54bf7-835e-4f44-bd8e-62f431b9b76a) | Attack Pattern | 1 |
| Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) | Course of Action | SNMP (MIB Dump) - T1602.001 (ee7ff928-801c-4f34-8a99-3df965e581a5) | Attack Pattern | 1 |
| Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) | Attack Pattern | Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) | Attack Pattern | 2 |
| Forge Web Credentials - T1606 (94cb00a4-b295-4d06-aa2b-5653b9c1be9c) | Attack Pattern | Web Cookies - T1606.001 (861b8fd2-57f3-4ee1-ab5d-c19c3b8c7a4a) | Attack Pattern | 2 |
| Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) | Attack Pattern | Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) | Attack Pattern | 2 |
| Data from Configuration Repository - T1602 (0ad7bc5c-235a-4048-944b-3b286676cb74) | Attack Pattern | Network Device Configuration Dump - T1602.002 (52759bf1-fe12-4052-ace6-c5b0cf7dd7fd) | Attack Pattern | 2 |
| Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a) | Attack Pattern | Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) | Attack Pattern | 2 |
| Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) | Attack Pattern | Web Session Cookie - T1550.004 (c3c8c916-2f3c-4e71-94b2-240bdfc996f0) | Attack Pattern | 2 |
| Downgrade Attack - T1562.010 (824add00-99a1-4b15-9a2d-6c5683b7b497) | Attack Pattern | Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | 2 |
| Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) | Attack Pattern | Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21) | Attack Pattern | 2 |
| Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) | Attack Pattern | Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d) | Attack Pattern | 2 |
| Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | Indicator Blocking - T1562.006 (74d2a63f-3c7b-4852-92da-02d8fbab16da) | Attack Pattern | 2 |
| Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) | Attack Pattern | Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) | Attack Pattern | 2 |
| Safe Mode Boot - T1562.009 (28170e17-8384-415c-8486-2e6b294cb803) | Attack Pattern | Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | 2 |
| Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) | Attack Pattern | Spearphishing Attachment - T1598.002 (8982a661-d84c-48c0-b4ec-1db29c6cf3bc) | Attack Pattern | 2 |
| PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3) | Attack Pattern | Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) | Attack Pattern | 2 |
| Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) | Attack Pattern | Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) | Attack Pattern | 2 |
| Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) | Attack Pattern | Container Service - T1543.005 (b0e54bf7-835e-4f44-bd8e-62f431b9b76a) | Attack Pattern | 2 |
| SNMP (MIB Dump) - T1602.001 (ee7ff928-801c-4f34-8a99-3df965e581a5) | Attack Pattern | Data from Configuration Repository - T1602 (0ad7bc5c-235a-4048-944b-3b286676cb74) | Attack Pattern | 2 |