logo

Introduction to COM usage by Windows threats

ID: aef37f65-3155-5586-9829-79fb785454f3

STIX ID: report--aef37f65-3155-5586-9829-79fb785454f3

Feed Name: Cisco Talos

Threat Score
60/100

Date Published: 2026-06-25

Date Updated: 2026-06-25

Author: Vanja Svajcer

...
...

This report explains how legitimate Windows COM/DCOM functionality is abused by malware, details manual and automated techniques for recovering COM class/interface/type information from binaries, lists tools and workflows for static and dynamic analysis, and demonstrates application through case studies (Qakbot, Gh0stRAT, Attor, WarmCookie) along with hunting guidance such as ProgIDs, CLSIDs/IIDs (including byte-order patterns) and example YARA rules.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.