Com

This rule detects potential command and control activity where Internet Explorer (iexplore.exe) is started via the Component Object Model (COM) and makes unusual network connections, indicating adversaries might exploit Internet Explorer via COM to evade detection and bypass host-based firewall restrictions.

This threat brief details a UAC bypass technique leveraging the Internet Explorer Add-On Installer (ieinstal.exe) and Component Object Model (COM) to execute arbitrary code with elevated privileges.