Clankerusecase
MITRE ATT&CK detection coverage

T1546.015 Component Object Model Hijacking

T1546.015 — Component Object Model Hijacking is a MITRE ATT&CK technique in the Privilege Escalation tactic. Clankerusecase tracks 7 detection use cases covering it and 2 threat-intel articles citing it.

Privilege Escalation · Persistence
7 Use cases
2 Articles
0 Sub-techniques
2 Tactics

Use cases covering this technique (7)

Powershell COM Hijacking InprocServer32 Modification · ESCU · actions · alerting · P
Powershell Execute COM Object · ESCU · actions · alerting · P
Windows COM Hijacking InprocServer32 Modification · ESCU · actions · alerting · P
[LLM] Argamal COM Hijack of Windows Color System Calibration Loader CLSID · Bespoke · install · alerting · DSΣPDDCS
[LLM] Argamal MI_V / MI_V2 Environment Variable Stage Handoff · Bespoke · install · alerting · DSΣPDDCS
[LLM] Argamal Scheduled Task Pointing at AppData\Local DLL via Color System Calibration Loader · Bespoke · install · alerting · DSΣPDDCS
[LLM] Sednit COM-hijacking persistence via HKCU CLSID InprocServer32 to user-writable DLL · Bespoke · install · alerting · DSΣPDDCS

Articles citing this technique (2)