Component Object Model Hijacking (T1122)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • Component Object Model Hijacking

Associated Tactics

  • Defense Evasion
  • Persistence

Defense Evasion (TA0005)

The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics’ techniques are cross-listed here when those techniques include the added benefit of subverting defenses.

View on ATT&CK

Procedure Examples

Description Source(s)
Microsoft. (n.d.). The Component Object Model. Retrieved August 18, 2016. Microsoft Component Object Model
G DATA. (2014, October). COM Object hijacking: the discreet way of persistence. Retrieved August 13, 2016. GDATA COM Hijacking
Ewing, P. Strom, B. (2016, September 15). How to Hunt: Detecting Persistence & Evasion with the COM. Retrieved September 15, 2016. Elastic COM Hijacking