Skip to content

Hide Navigation Hide TOC

Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)

Restoring an software configuration.

Cluster A Galaxy A Cluster B Galaxy B Level
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Setuid and Setgid - T1548.001 (6831414d-bb70-42b7-8030-d4e06b2660c9) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Control Panel - T1218.002 (4ff5d6a8-c062-4c68-a778-36fc5edd564f) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Email Hiding Rules - T1564.008 (0cf55441-b176-4332-89e7-2c4c7799d0ff) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Services Registry Permissions Weakness - T1574.011 (17cc750b-e95b-4d7d-9dde-49e0de24148c) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Cloud Service Dashboard - T1538 (e49920b0-6c54-40c1-9571-73723653205f) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Authentication Package - T1547.002 (b8cfed42-6a8a-4989-ad72-541af74475ec) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND AppCert DLLs - T1546.009 (7d57b371-10c2-45e5-b3cc-83a8fb380e4c) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND SIP and Trust Provider Hijacking - T1553.003 (543fceb5-cb92-40cb-aacf-6913d4db58bc) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Group Policy Preferences - T1552.006 (8d7bd4f5-3a89-4453-9c82-2c8894d5655e) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND COR_PROFILER - T1574.012 (ffeb0780-356e-4261-b036-cfb6bd234335) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Email Forwarding Rule - T1114.003 (7d77a07d-02fe-4e88-8bd9-e9c008c01bf0) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Change Default File Association - T1546.001 (98034fef-d9fb-4667-8dc4-2eab6231724c) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Emond - T1546.014 (9c45eaa3-8604-4780-8988-b5074dbb9ecd) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Safe Mode Boot - T1562.009 (28170e17-8384-415c-8486-2e6b294cb803) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Cloud Service Discovery - T1526 (e24fcba8-2557-4442-a139-1ee2f2e784db) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Application Shimming - T1546.011 (42fe883a-21ea-4cfb-b94a-78b6476dcc83) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Outlook Rules - T1137.005 (3d1b9d7e-3921-4d25-845a-7d9f15c0da44) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Group Policy Discovery - T1615 (1b20efbf-8063-4fc3-a07d-b575318a301b) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Impair Command History Logging - T1562.003 (8f504411-cb96-4dac-a537-8d2bb7679c59) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Port Monitors - T1547.010 (43881e51-ac74-445b-b4c6-f9f9e9bf23fe) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Time Providers - T1547.003 (61afc315-860c-4364-825d-0d62b2e91edc) Attack Pattern 1
Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb) MITRE D3FEND Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3) Attack Pattern 1
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) Attack Pattern Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern 2
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441) Attack Pattern Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern 2
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf) Attack Pattern 2
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 2
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Setuid and Setgid - T1548.001 (6831414d-bb70-42b7-8030-d4e06b2660c9) Attack Pattern 2
Control Panel - T1218.002 (4ff5d6a8-c062-4c68-a778-36fc5edd564f) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 2
Email Hiding Rules - T1564.008 (0cf55441-b176-4332-89e7-2c4c7799d0ff) Attack Pattern Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 2
Services Registry Permissions Weakness - T1574.011 (17cc750b-e95b-4d7d-9dde-49e0de24148c) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 2
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 2
Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a) Attack Pattern Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern 2
Authentication Package - T1547.002 (b8cfed42-6a8a-4989-ad72-541af74475ec) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 2
AppCert DLLs - T1546.009 (7d57b371-10c2-45e5-b3cc-83a8fb380e4c) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern SIP and Trust Provider Hijacking - T1553.003 (543fceb5-cb92-40cb-aacf-6913d4db58bc) Attack Pattern 2
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) Attack Pattern Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42) Attack Pattern 2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Group Policy Preferences - T1552.006 (8d7bd4f5-3a89-4453-9c82-2c8894d5655e) Attack Pattern 2
COR_PROFILER - T1574.012 (ffeb0780-356e-4261-b036-cfb6bd234335) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 2
RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211) Attack Pattern Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern 2
Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) Attack Pattern Email Forwarding Rule - T1114.003 (7d77a07d-02fe-4e88-8bd9-e9c008c01bf0) Attack Pattern 2
Change Default File Association - T1546.001 (98034fef-d9fb-4667-8dc4-2eab6231724c) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 2
Emond - T1546.014 (9c45eaa3-8604-4780-8988-b5074dbb9ecd) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 2
Safe Mode Boot - T1562.009 (28170e17-8384-415c-8486-2e6b294cb803) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 2
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21) Attack Pattern Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern 2
Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f) Attack Pattern Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) Attack Pattern 2
Application Shimming - T1546.011 (42fe883a-21ea-4cfb-b94a-78b6476dcc83) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 2
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern Outlook Rules - T1137.005 (3d1b9d7e-3921-4d25-845a-7d9f15c0da44) Attack Pattern 2
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern Impair Command History Logging - T1562.003 (8f504411-cb96-4dac-a537-8d2bb7679c59) Attack Pattern 2
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 2
AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 2
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Port Monitors - T1547.010 (43881e51-ac74-445b-b4c6-f9f9e9bf23fe) Attack Pattern 2
Time Providers - T1547.003 (61afc315-860c-4364-825d-0d62b2e91edc) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) Attack Pattern Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3) Attack Pattern 2