Skip to content

Hide Navigation Hide TOC

Suspicious GetTypeFromCLSID ShellExecute (8bc063d5-3a3a-4f01-a140-bc15e55e8437)

Detects suspicious Powershell code that execute COM Objects

Cluster A Galaxy A Cluster B Galaxy B Level
Suspicious GetTypeFromCLSID ShellExecute (8bc063d5-3a3a-4f01-a140-bc15e55e8437) Sigma-Rules Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern 1
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern 2