COM Object Hijacking Via Modification Of Default System CLSID Default Value

Rule Info

Name: COM Object Hijacking Via Modification Of Default System CLSID Default Value
Author: Nasreddine Bencherchali (Nextron Systems)
Description: Detects potential COM object hijacking via modification of default system CLSID.
Date: 2024-07-16 00:00:00
Modified: 2024-10-18 00:00:00
Id: 790317c0-0a36-4a6a-a105-6e576bf99a14
Tags: attack.persistence attack.t1546.015 DEMO
Type: Community Rule

Rule History

| Author | Title | Date | Commit |
| --- | --- | --- | --- |
| Mohamed Ashraf | feat: update multiple rules (#5055) | 2024-10-25 | |
| Mohamed Ashraf | Merge PR #5026 from @X-Junior - Update `COM Object Hijacking Via Modification Of Default System CLSID Default Value` | 2024-10-01 | |
| Nasreddine Bencherchali | Merge PR #4993 from @nasbench - Fix Issues | 2024-09-02 | |
| Nasreddine Bencherchali | Merge PR #4950 from @nasbench - Comply With v2 Spec Changes | 2024-08-12 | |
| Nasreddine Bencherchali | Merge PR #4888 from @nasbench - Add multiple new rules, updates and fixes | 2024-07-17 | |
| Wagga | Merge PR #4524 from @wagga40 - Fix Typos In Metadata Fields | 2023-10-28 | |
| Nasreddine Bencherchali | Merge PR #4427 from @nasbench - Multiple Fixes & Enhancements | 2023-10-04 | |
| frack113 | Refractor registry_set rules | 2023-08-17 | |
| Nasreddine Bencherchali | chore: add nextron authors tag | 2023-02-01 | |
| Nasreddine Bencherchali | feat: updates and enhancements | 2023-01-11 | |
| frack113 | Order yaml field | 2022-10-26 | |
| Nasreddine Bencherchali | Add %tmp% env variable | 2022-09-13 | |
| Nasreddine Bencherchali | New Rules | 2022-07-29 | |