Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)

Restoring an software configuration.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Emond - T1546.014 (9c45eaa3-8604-4780-8988-b5074dbb9ecd)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Control Panel - T1218.002 (4ff5d6a8-c062-4c68-a778-36fc5edd564f)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Change Default File Association - T1546.001 (98034fef-d9fb-4667-8dc4-2eab6231724c)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Email Forwarding Rule - T1114.003 (7d77a07d-02fe-4e88-8bd9-e9c008c01bf0)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Group Policy Preferences - T1552.006 (8d7bd4f5-3a89-4453-9c82-2c8894d5655e)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Impair Command History Logging - T1562.003 (8f504411-cb96-4dac-a537-8d2bb7679c59)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Safe Mode Boot - T1562.009 (28170e17-8384-415c-8486-2e6b294cb803)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Cloud Service Discovery - T1526 (e24fcba8-2557-4442-a139-1ee2f2e784db)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Authentication Package - T1547.002 (b8cfed42-6a8a-4989-ad72-541af74475ec)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Group Policy Discovery - T1615 (1b20efbf-8063-4fc3-a07d-b575318a301b)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
AppCert DLLs - T1546.009 (7d57b371-10c2-45e5-b3cc-83a8fb380e4c)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Services Registry Permissions Weakness - T1574.011 (17cc750b-e95b-4d7d-9dde-49e0de24148c)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Outlook Rules - T1137.005 (3d1b9d7e-3921-4d25-845a-7d9f15c0da44)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Application Shimming - T1546.011 (42fe883a-21ea-4cfb-b94a-78b6476dcc83)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Setuid and Setgid - T1548.001 (6831414d-bb70-42b7-8030-d4e06b2660c9)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Port Monitors - T1547.010 (43881e51-ac74-445b-b4c6-f9f9e9bf23fe)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Email Hiding Rules - T1564.008 (0cf55441-b176-4332-89e7-2c4c7799d0ff)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
SIP and Trust Provider Hijacking - T1553.003 (543fceb5-cb92-40cb-aacf-6913d4db58bc)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Cloud Service Dashboard - T1538 (e49920b0-6c54-40c1-9571-73723653205f)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Time Providers - T1547.003 (61afc315-860c-4364-825d-0d62b2e91edc)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
COR_PROFILER - T1574.012 (ffeb0780-356e-4261-b036-cfb6bd234335)	Attack Pattern	Restore Configuration (63433457-ee95-551c-ad4f-b1b22c1816eb)	MITRE D3FEND	1
Emond - T1546.014 (9c45eaa3-8604-4780-8988-b5074dbb9ecd)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	2
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Control Panel - T1218.002 (4ff5d6a8-c062-4c68-a778-36fc5edd564f)	Attack Pattern	2
Change Default File Association - T1546.001 (98034fef-d9fb-4667-8dc4-2eab6231724c)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	2
Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84)	Attack Pattern	Password Filter DLL - T1556.002 (3731fbcd-0e43-47ae-ae6c-d15e510f0d42)	Attack Pattern	2
Email Forwarding Rule - T1114.003 (7d77a07d-02fe-4e88-8bd9-e9c008c01bf0)	Attack Pattern	Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f)	Attack Pattern	2
Group Policy Preferences - T1552.006 (8d7bd4f5-3a89-4453-9c82-2c8894d5655e)	Attack Pattern	Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a)	Attack Pattern	2
Office Test - T1137.002 (ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a)	Attack Pattern	Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	2
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Office Template Macros - T1137.001 (79a47ad0-fc3b-4821-9f01-a026b1ddba21)	Attack Pattern	2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Impair Command History Logging - T1562.003 (8f504411-cb96-4dac-a537-8d2bb7679c59)	Attack Pattern	2
Safe Mode Boot - T1562.009 (28170e17-8384-415c-8486-2e6b294cb803)	Attack Pattern	Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	2
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	2
Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3)	Attack Pattern	Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	2
Accessibility Features - T1546.008 (70e52b04-2a0c-4cea-9d18-7149f1df9dc5)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	2
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58)	Attack Pattern	Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384)	Attack Pattern	2
Authentication Package - T1547.002 (b8cfed42-6a8a-4989-ad72-541af74475ec)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	RC Scripts - T1037.004 (dca670cf-eeec-438f-8185-fd959d9ef211)	Attack Pattern	2
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	AppCert DLLs - T1546.009 (7d57b371-10c2-45e5-b3cc-83a8fb380e4c)	Attack Pattern	2
Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334)	Attack Pattern	Startup Items - T1037.005 (c0dfe7b0-b873-4618-9ff8-53e31f70907f)	Attack Pattern	2
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf)	Attack Pattern	2
Winlogon Helper DLL - T1547.004 (6836813e-8ec8-4375-b459-abb388cb1a35)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2
Services Registry Permissions Weakness - T1574.011 (17cc750b-e95b-4d7d-9dde-49e0de24148c)	Attack Pattern	Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	2
SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023)	Attack Pattern	Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48)	Attack Pattern	2
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Outlook Home Page - T1137.004 (bf147104-abf9-4221-95d1-e81585859441)	Attack Pattern	2
Office Application Startup - T1137 (2c4d4e92-0ccf-4a97-b54c-86d662988a53)	Attack Pattern	Outlook Rules - T1137.005 (3d1b9d7e-3921-4d25-845a-7d9f15c0da44)	Attack Pattern	2
Security Support Provider - T1547.005 (5095a853-299c-4876-abd7-ac0050fb5462)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Application Shimming - T1546.011 (42fe883a-21ea-4cfb-b94a-78b6476dcc83)	Attack Pattern	2
Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed)	Attack Pattern	Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b)	Attack Pattern	2
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	Setuid and Setgid - T1548.001 (6831414d-bb70-42b7-8030-d4e06b2660c9)	Attack Pattern	2
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd)	Attack Pattern	2
Port Monitors - T1547.010 (43881e51-ac74-445b-b4c6-f9f9e9bf23fe)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	Email Hiding Rules - T1564.008 (0cf55441-b176-4332-89e7-2c4c7799d0ff)	Attack Pattern	2
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	SIP and Trust Provider Hijacking - T1553.003 (543fceb5-cb92-40cb-aacf-6913d4db58bc)	Attack Pattern	2
Time Providers - T1547.003 (61afc315-860c-4364-825d-0d62b2e91edc)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	COR_PROFILER - T1574.012 (ffeb0780-356e-4261-b036-cfb6bd234335)	Attack Pattern	2