Merge PR #5126 from @MalGamy12 - Update `COM Object Hijacking Via Mod…

…ification Of Default System CLSID Default Value`

update: COM Object Hijacking Via Modification Of Default System CLSID Default Value - Add {603D3801-BD81-11d0-A3A5-00C04FD706EC}
---------

Co-authored-by: frack113 <[email protected]>

rules/windows/registry/registry_set/registry_set_persistence_com_hijacking_builtin.yml

@@ -12,9 +12,10 @@ references:
     - https://unit42.paloaltonetworks.com/snipbot-romcom-malware-variant/
     - https://blog.talosintelligence.com/uat-5647-romcom/
     - https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/darkhotel-a-cluster-of-groups-united-by-common-techniques
+    - https://threatbook.io/blog/Analysis-of-APT-C-60-Attack-on-South-Korea
 author: Nasreddine Bencherchali (Nextron Systems)
 date: 2024-07-16
-modified: 2024-11-19
+modified: 2024-12-14
 tags:
     - attack.persistence
     - attack.t1546.015
@@ -39,6 +40,7 @@ detection:
             - '\{F82B4EF1-93A9-4DDE-8015-F7950A1A6E31}\'
             - '\{7849596a-48ea-486e-8937-a2a3009f31a9}\'
             - '\{0b91a74b-ad7c-4a9d-b563-29eef9167172}\'
+            - '\{603D3801-BD81-11d0-A3A5-00C04FD706EC}\'
     selection_susp_location_1:
         Details|contains:
             # Note: Add more suspicious paths and locations