Suspicious Recursive Takeown (554601fb-9b71-4bcc-abf4-21a611be4fde)

Adversaries can interact with the DACLs using built-in Windows commands takeown which can grant adversaries higher permissions on specific files and folders

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee)	Attack Pattern	Suspicious Recursive Takeown (554601fb-9b71-4bcc-abf4-21a611be4fde)	Sigma-Rules	1
Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee)	Attack Pattern	File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196)	Attack Pattern	2