Removal of Potential COM Hijacking Registry Keys (96f697b0-b499-4e5d-9908-a67bec11cdb6)
Detects any deletion of entries in ".*\shell\open\command" registry keys. These registry keys might have been used for COM hijacking by a threat actor or attacker, and their deletion could indicate an attempt to cover the attacker's tracks.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) | Attack Pattern | Removal of Potential COM Hijacking Registry Keys (96f697b0-b499-4e5d-9908-a67bec11cdb6) | Sigma-Rules | 1 |