Potential Persistence Via COM Hijacking From Suspicious Locations (3d968d17-ffa4-4bc0-bfdc-f139de76ce77)

Detects potential COM object hijacking where the "Server" (In/Out) is pointing to a suspicious or unsuale location

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Potential Persistence Via COM Hijacking From Suspicious Locations (3d968d17-ffa4-4bc0-bfdc-f139de76ce77)	Sigma-Rules	Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae)	Attack Pattern	1
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae)	Attack Pattern	2