COM Object Hijacking Via Modification Of Default System CLSID Default Value

Rule Info

Name

COM Object Hijacking Via Modification Of Default System CLSID Default Value

Author

Nasreddine Bencherchali (Nextron Systems)

Description

Detects potential COM object hijacking via modification of default system CLSID.

Reference

https://www.microsoft.com/security/blog/2022/07/27/untangling-knotweed-european-private-sector-offensive-actor-using-0-day-exploits/ (idea)

Date

2024-07-16 00:00:00

Modified

None

790317c0-0a36-4a6a-a105-6e576bf99a14

Rule History

Author

Title

Date

Commit

Nasreddine Bencherchali

Merge PR #4993 from @nasbench - Fix Issues

2024-09-02

b86a494f5

Nasreddine Bencherchali

Merge PR #4950 from @nasbench - Comply With v2 Spec Changes

2024-08-12

598d29f81

Nasreddine Bencherchali

Merge PR #4888 from @nasbench - Add multiple new rules, updates and fixes

2024-07-17

313578eea

Wagga

Merge PR #4524 from @wagga40 - Fix Typos In Metadata Fields

2023-10-28

8bf328219

Nasreddine Bencherchali

Merge PR #4427 from @nasbench - Multiple Fixes & Enhancements

2023-10-04

e230acd7e

frack113

Refractor registry_set rules

2023-08-17

bb2aea7c4

Nasreddine Bencherchali

chore: add nextron authors tag

2023-02-01

7c38a5c49

Nasreddine Bencherchali

feat: updates and enhancements

2023-01-11

28a3413aa

frack113

Order yaml field

2022-10-26

940f89d43

Nasreddine Bencherchali

Add %tmp% env variable

2022-09-13

8a504bee9

Nasreddine Bencherchali

New Rules

2022-07-29

43f952269