New lateral movement techniques abuse DCOM technology
Tags
attack-pattern: Data Direct Model Add-Ins - T1137.006 Appdomainmanager - T1574.014 Component Object Model - T1559.001 Distributed Component Object Model - T1021.003 Inter-Process Communication - T1559 Mmc - T1218.014 Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Software - T1592.002 Visual Basic - T1059.005 Vulnerabilities - T1588.006 Distributed Component Object Model - T1175 Rundll32 - T1085
Show in Graph
Common Information
Type Value
UUID 9f60010e-433e-4dc2-b28e-6e85ba46d67c
Fingerprint 3029c9172de48580
Analysis status DONE
Considered CTI value 0
Text language
Published Jan. 25, 2018, midnight
Added to db Jan. 18, 2023, 11:01 p.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline New lateral movement techniques abuse DCOM technology
Title New lateral movement techniques abuse DCOM technology
Detected Hints/Tags/Attributes 61/1/14
Source URLs
Redirection Url
Details Source https://www.cybereason.com/blog/dcom-lateral-movement-techniques
URL Provider
Details Provider Source level domain
Details cybereason.com www.cybereason.com
Attributes
Details Type #Events CTI Value
Details Domain 39 
xxx.xxx.xxx.xxx
Details Domain 372 
wscript.shell
Details File 10 
rpcss.dll
Details File 92 
c:\windows\system32\svchost.exe
Details File 2126 
cmd.exe
Details File 54 
mmc.exe
Details File 1260 
explorer.exe
Details File 185 
shell32.dll
Details File 27 
jscript.dll
Details File 23 
vbscript.dll
Details File 9 
vbe7.dll
Details File 5 
scrrun.dll
Details File 312 
calc.exe
Details Windows Registry Key 18 
HKCU\Software\Microsoft\Office