Skip to content

Hide Navigation Hide TOC

Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067)

Implement configuration changes to software (other than the operating system) to mitigate security risks associated to how the software operates.

Cluster A Galaxy A Cluster B Galaxy B Level
Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) Course of Action Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern 1
Network Device Configuration Dump - T1602.002 (52759bf1-fe12-4052-ace6-c5b0cf7dd7fd) Attack Pattern Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) Course of Action 1
Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) Course of Action Steal Web Session Cookie - T1539 (10ffac09-e42d-4f56-ab20-db94c67d76ff) Attack Pattern 1
Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) Course of Action Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a) Attack Pattern 1
Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) Course of Action Web Session Cookie - T1550.004 (c3c8c916-2f3c-4e71-94b2-240bdfc996f0) Attack Pattern 1
Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) Course of Action Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) Attack Pattern 1
Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) Course of Action Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 1
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) Course of Action 1
Downgrade Attack - T1562.010 (824add00-99a1-4b15-9a2d-6c5683b7b497) Attack Pattern Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) Course of Action 1
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) Course of Action 1
Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21) Attack Pattern Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) Course of Action 1
Data from Configuration Repository - T1602 (0ad7bc5c-235a-4048-944b-3b286676cb74) Attack Pattern Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) Course of Action 1
Unused/Unsupported Cloud Regions - T1535 (59bd0dec-f8b2-4b9a-9141-37a1e6899761) Attack Pattern Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) Course of Action 1
Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) Course of Action Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d) Attack Pattern 1
Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) Course of Action Indicator Blocking - T1562.006 (74d2a63f-3c7b-4852-92da-02d8fbab16da) Attack Pattern 1
Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) Course of Action Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 1
Safe Mode Boot - T1562.009 (28170e17-8384-415c-8486-2e6b294cb803) Attack Pattern Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) Course of Action 1
Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) Course of Action Transfer Data to Cloud Account - T1537 (d4bdbdea-eaec-4071-b4f9-5105e12ea4b6) Attack Pattern 1
Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) Course of Action Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 1
Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) Course of Action Spearphishing Attachment - T1598.002 (8982a661-d84c-48c0-b4ec-1db29c6cf3bc) Attack Pattern 1
Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) Course of Action PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3) Attack Pattern 1
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) Course of Action 1
Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) Course of Action Container Service - T1543.005 (b0e54bf7-835e-4f44-bd8e-62f431b9b76a) Attack Pattern 1
Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) Course of Action SNMP (MIB Dump) - T1602.001 (ee7ff928-801c-4f34-8a99-3df965e581a5) Attack Pattern 1
Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) Course of Action Forge Web Credentials - T1606 (94cb00a4-b295-4d06-aa2b-5653b9c1be9c) Attack Pattern 1
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) Course of Action 1
Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) Course of Action Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 1
Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) Course of Action Web Cookies - T1606.001 (861b8fd2-57f3-4ee1-ab5d-c19c3b8c7a4a) Attack Pattern 1
Software Configuration - M1054 (b5dbb4c5-b0b1-40b1-80b6-e9e84ab90067) Course of Action Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 1
Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) Attack Pattern Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 2
Network Device Configuration Dump - T1602.002 (52759bf1-fe12-4052-ace6-c5b0cf7dd7fd) Attack Pattern Data from Configuration Repository - T1602 (0ad7bc5c-235a-4048-944b-3b286676cb74) Attack Pattern 2
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53) Attack Pattern Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a) Attack Pattern 2
Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) Attack Pattern Web Session Cookie - T1550.004 (c3c8c916-2f3c-4e71-94b2-240bdfc996f0) Attack Pattern 2
Downgrade Attack - T1562.010 (824add00-99a1-4b15-9a2d-6c5683b7b497) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Password Managers - T1555.005 (315f51f0-6b03-4c1e-bfb2-84740afb8e21) Attack Pattern 2
Dynamic Data Exchange - T1559.002 (232a7e42-cd6e-4902-8fe9-2960f529dd4d) Attack Pattern Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) Attack Pattern 2
Indicator Blocking - T1562.006 (74d2a63f-3c7b-4852-92da-02d8fbab16da) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 2
Safe Mode Boot - T1562.009 (28170e17-8384-415c-8486-2e6b294cb803) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 2
Spearphishing Attachment - T1598.002 (8982a661-d84c-48c0-b4ec-1db29c6cf3bc) Attack Pattern Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) Attack Pattern 2
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern PowerShell Profile - T1546.013 (0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3) Attack Pattern 2
Install Root Certificate - T1553.004 (c615231b-f253-4f58-9d47-d5b4cbdb6839) Attack Pattern Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern 2
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Container Service - T1543.005 (b0e54bf7-835e-4f44-bd8e-62f431b9b76a) Attack Pattern 2
Data from Configuration Repository - T1602 (0ad7bc5c-235a-4048-944b-3b286676cb74) Attack Pattern SNMP (MIB Dump) - T1602.001 (ee7ff928-801c-4f34-8a99-3df965e581a5) Attack Pattern 2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 2
Forge Web Credentials - T1606 (94cb00a4-b295-4d06-aa2b-5653b9c1be9c) Attack Pattern Web Cookies - T1606.001 (861b8fd2-57f3-4ee1-ab5d-c19c3b8c7a4a) Attack Pattern 2