Skip to content

Hide Navigation Hide TOC

DCOM InternetExplorer.Application Iertutil DLL Hijack - Security (c39f0c81-7348-4965-ab27-2fde35a1b641)

Detects a threat actor creating a file named iertutil.dll in the C:\Program Files\Internet Explorer\ directory over the network for a DCOM InternetExplorer DLL Hijack scenario.

Cluster A Galaxy A Cluster B Galaxy B Level
DCOM InternetExplorer.Application Iertutil DLL Hijack - Security (c39f0c81-7348-4965-ab27-2fde35a1b641) Sigma-Rules SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 1
DCOM InternetExplorer.Application Iertutil DLL Hijack - Security (c39f0c81-7348-4965-ab27-2fde35a1b641) Sigma-Rules Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern 1
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) Attack Pattern 2
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern Distributed Component Object Model - T1021.003 (68a0c5ed-bee2-4513-830d-5b0d650139bd) Attack Pattern 2