ioc[.]one - OSINT Cyber Threat Intelligence Database

Show in Graph

Common Information

Type	Value
Value	File and Directory Permissions Modification - T1222
Category	Attack-Pattern
Type	Mitre-Attack-Pattern
Misp Type	Cluster
Description	Adversaries may modify file or directory permissions/attributes to evade access control lists (ACLs) and access protected files.(Citation: Hybrid Analysis Icacls1 June 2018)(Citation: Hybrid Analysis Icacls2 May 2018) File and directory permissions are commonly managed by ACLs configured by the file or directory owner, or users with the appropriate permissions. File and directory ACL implementations vary by platform, but generally explicitly designate which users or groups can perform which actions (read, write, execute, etc.). Modifications may include changing specific access rights, which may require taking ownership of a file or directory and/or elevated permissions depending on the file or directory’s existing permissions. This may enable malicious activity such as modifying, replacing, or deleting specific files or directories. Specific file and directory modifications may be a required step for many techniques, such as establishing Persistence via [Accessibility Features](https://attack.mitre.org/techniques/T1546/008), [Boot or Logon Initialization Scripts](https://attack.mitre.org/techniques/T1037), [Unix Shell Configuration Modification](https://attack.mitre.org/techniques/T1546/004), or tainting/hijacking other instrumental binary/configuration files via [Hijack Execution Flow](https://attack.mitre.org/techniques/T1574). Adversaries may also change permissions of symbolic links. For example, malware (particularly ransomware) may modify symbolic links and associated settings to enable access to files from local shortcuts with remote paths.(Citation: new_rust_based_ransomware)(Citation: bad_luck_blackcat)(Citation: falconoverwatch_blackcat_attack)(Citation: blackmatter_blackcat)(Citation: fsutil_behavior)

Details		Published	Attributes	Title
Details	Website	2023-04-19	15	Malware Analysis - amadey - 6c625ae5690fbf96083a1389f3732694 - RedPacket Security
Details	Website	2023-04-19	13	Malware Analysis - amadey - 6f686d4e4e225ddf5606a0886b146bde - RedPacket Security
Details	Website	2023-04-19	7	Malware Analysis - discovery - 4090fac4bdc62d444d48786667ac89fd - RedPacket Security
Details	Website	2023-04-18	7	Malware Analysis - amadey - db51558dc4bf55de672371a810bf65fa - RedPacket Security
Details	Website	2023-04-17	11	Malware Analysis - djvu - 013e7b9f96797555fa6207a31ea66a60 - RedPacket Security
Details	Website	2023-04-17	11	Malware Analysis - djvu - 7928c50cae4ebd08e65423ff46c4e9b0 - RedPacket Security
Details	Website	2023-04-16	15	UNKNOWN
Details	Website	2023-04-16	16	Malware Analysis - amadey - 2cd65f24e1ef47b1c27daf46f55c9351 - RedPacket Security
Details	Website	2023-04-15	11	Malware Analysis - djvu - 1dd758012876b986897fa4ecc12660e3 - RedPacket Security
Details	Website	2023-04-15	16	Malware Analysis - amadey - 25e4492533c31df8c81938100d1a89b5 - RedPacket Security
Details	Website	2023-04-03	26	ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access \| Mandiant
Details	Website	2023-04-01	11	Malware Analysis - djvu - 8c17dca7ea605fc37a624331ac72e65e - RedPacket Security
Details	Website	2023-04-01	11	Malware Analysis - djvu - cf9172551150d9e54626a48bc4d7a196 - RedPacket Security
Details	Website	2023-04-01	11	Malware Analysis - djvu - c84ad96950dc9a5ccab4ad204c46e359 - RedPacket Security
Details	Website	2023-04-01	55	The Rise of FusionCore An Emerging Cybercrime Group from Europe - CYFIRMA
Details	Website	2023-03-30	11	Malware Analysis - djvu - ca4c8c98cbf461f832cbf2764c82a5bd - RedPacket Security
Details	Website	2023-03-30	17	Malware Analysis - amadey - 32962e720a69b0ea507f89962cdacfac - RedPacket Security
Details	Website	2023-03-30	17	Malware Analysis - amadey - 474154bf80eeca7d3be7614bea80b4b8 - RedPacket Security
Details	Website	2023-03-29	11	Malware Analysis - djvu - a2813d8a07a0bfe6ab8d8f5f3e486bd6 - RedPacket Security
Details	Website	2023-03-29	11	Malware Analysis - djvu - 7f7af90a656514364fc769f4ba85ebf1 - RedPacket Security
Details	Website	2023-03-29	8	Malware Analysis - djvu - 8b52be4221750ba22b73867d77f514a8 - RedPacket Security
Details	Website	2023-03-29	15	Malware Analysis - amadey - bb827f6d5b1d086843fa951b69b8e702 - RedPacket Security
Details	Website	2023-03-29	11	Malware Analysis - djvu - 15a5bb819748cdec8893209495776408 - RedPacket Security
Details	Website	2023-03-29	11	Malware Analysis - djvu - afd8945316aedd2fb57dd654431c26ba - RedPacket Security
Details	Website	2023-03-29	15	Malware Analysis - amadey - 941ebdb94364e7958adc8638cb5dd933 - RedPacket Security