Hide Navigation Hide TOC

Potential COM Objects Download Cradles Usage - Process Creation (02b64f1b-3f33-4e67-aede-ef3b0a5a8fcf)

Detects usage of COM objects that can be abused to download files in PowerShell by CLSID

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	Potential COM Objects Download Cradles Usage - Process Creation (02b64f1b-3f33-4e67-aede-ef3b0a5a8fcf)	Sigma-Rules	1