T1222.001

Windows File and Directory Permissions Modification

Adversaries may modify file or directory permissions/attributes to evade access control lists (ACLs) and access protected files.(Citation: Hybrid Analysis Icacls1 June 2018)(Citation: Hybrid Analysis Icacls2 May 2018) File and directory permissions are commonly managed by ACLs configured by the file or directory owner, or users with the appropriate permissions. File and directory ACL implementations vary by platform, but generally explicitly designate which users or groups can perform which acti...

Windows

Detections

Sources

Threat Actors

BY SOURCE

17splunk_escu3sigma2elastic

PROCEDURES (10)

Authentication Monitoring6 detections

Auto-extracted: 6 detections for authentication monitoring

General Monitoring6 detections

Auto-extracted: 6 detections for general monitoring

Privilege3 detections

Auto-extracted: 3 detections for privilege

Process Creation Monitoring1 detections

Auto-extracted: 1 detections for process creation monitoring

Remote1 detections

Auto-extracted: 1 detections for remote

Persist1 detections

Auto-extracted: 1 detections for persist

Privilege1 detections

Auto-extracted: 1 detections for privilege

Persist1 detections

Auto-extracted: 1 detections for persist

Script Execution Monitoring1 detections

Auto-extracted: 1 detections for script execution monitoring

Remote1 detections

Auto-extracted: 1 detections for remote

THREAT ACTORS (2)

Storm-1811 Wizard Spider

DETECTIONS (22)

AD Object WriteDAC Access