Tag

Dcom

4 briefs RSS

Incoming DCOM Lateral Movement with MMC

Detection of Distributed Component Object Model (DCOM) abuse to execute commands remotely via the MMC20 Application COM object, potentially indicating lateral movement.

Elastic Defend +1 lateral-movement dcom windows

2r 1t May 12, 2026

high advisory

Incoming DCOM Lateral Movement via MSHTA

2 rules 1 TTP

Detection of Distributed Component Object Model (DCOM) abuse to execute commands from a remote host via the HTA Application COM Object, potentially indicating lateral movement.

Windows lateral-movement dcom mshta

2r 1t May 12, 2026

medium advisory

DCOM Lateral Movement via ShellWindows/ShellBrowserWindow

2 rules 2 TTPs

This analytic identifies the use of Distributed Component Object Model (DCOM) to execute commands on a remote host, specifically when launched via ShellBrowserWindow or ShellWindows Application COM objects, indicating potential lateral movement by an attacker.

Windows lateral-movement dcom

2r 2t Jan 4, 2024

medium advisory

Suspicious Explorer Child Process via DCOM

2 rules 9 TTPs

Adversaries abuse the trusted status of explorer.exe to launch malicious scripts or executables, often using DCOM to start processes like PowerShell or cmd.exe, achieving initial access, defense evasion, and execution.

Microsoft Defender XDR +2 initial-access defense-evasion execution explorer.exe dcom

2r 9t Jan 2, 2024