MITRE ATT&CK™ Analysis - T1546.015 Component Object Model Hijacking

less than 1 minute read

Component Object Model Hijacking Overview

An adversary is able to hijack COM references and relationships as a means for persistence by modifying specific registry keys.

Rundll32.exe executing an arbitrary executable through a malicious dll replacement.

T1122 - Component Object Hijacking 1

The end result is whenever a thumbnail is viewed, the calculator is executed on this host.

The DLLHost parent executable gives away the impacted CLSID (Com Object) registry key and we can use this to remediate the system.

T1122 - Component Object Hijacking 2

39 minute read

Analysis of IDAT Loader RAT, an advanced malware-as-a-service injector

8 minute read

Analysis of Fakebat Malware a malware-as-a-service downloader

27 minute read

Analysis of Duvet Stealer, Electron-based malware designed to target Discord users

18 minute read

Analysis of an Xworm Loader which invokes a PowerShell script that retrieves a payload from the end of a picture