COM Objects Hijacking
ID: 11638bda-1401-5d80-8f4a-f1d635fdb0a4
STIX ID: report--11638bda-1401-5d80-8f4a-f1d635fdb0a4
Feed Name: VirusTotal Blog
This report analyzes how threat actors and malware families abuse Windows COM hijacking (MITRE T1546.015) for persistence and privilege escalation. It enumerates commonly abused CLSIDs, describes sample behavior from families such as Berbew and multiple RATs (Remcos, AsyncRAT, BitRAT, DarkMe), lists common payload locations, and provides IoCs plus Sigma/Livehunt detection rules to support detection and hunting.
