Introduction to COM usage by Windows threats
ID: aef37f65-3155-5586-9829-79fb785454f3
STIX ID: report--aef37f65-3155-5586-9829-79fb785454f3
Feed Name: Cisco Talos
Threat Score
This report explains how legitimate Windows COM/DCOM functionality is abused by malware, details manual and automated techniques for recovering COM class/interface/type information from binaries, lists tools and workflows for static and dynamic analysis, and demonstrates application through case studies (Qakbot, Gh0stRAT, Attor, WarmCookie) along with hunting guidance such as ProgIDs, CLSIDs/IIDs (including byte-order patterns) and example YARA rules.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
