T1218.008: Odbcconf

View on MITRE ATT&CK T1218.008
Tactic(s) Defense Evasion

Data from MITRE ATT&CK®:

Adversaries may abuse odbcconf.exe to proxy execution of malicious payloads. Odbcconf.exe is a Windows utility that allows you to configure Open Database Connectivity (ODBC) drivers and data source names.(Citation: Microsoft odbcconf.exe) The Odbcconf.exe binary may be digitally signed by Microsoft.

Adversaries may abuse odbcconf.exe to bypass application control solutions that do not account for its potential abuse. Similar to Regsvr32, odbcconf.exe has a REGSVR flag that can be misused to execute DLLs (ex: odbcconf.exe /S /A {REGSVR "C:\Users\Public\file.dll"}). (Citation: LOLBAS Odbcconf)(Citation: TrendMicro Squiblydoo Aug 2017)(Citation: TrendMicro Cobalt Group Nov 2017)

© 2024 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

Cyber Threat Graph Context

Explore how this ATT&CK Technique relates to the wider threat graph

Mitigations for this technique

MITRE ATT&CK Mitigations

How to detect this technique

MITRE ATT&CK Data Components

Control Validation Tests for this Technique

Use Atomic Red Team tests to test your defenses against this technique.

Sigma Detections for this Technique

SP800-53 Controls

See which controls can help protect against this MITRE ATT&CK technique. This is based on mappings to associated SP800-53 controls produced by the MITRE Engenuity Center for Threat-Informed Defense.

Node
CM-7: Least Functionality
CM-11: User-installed Software
CM-6: Configuration Settings
SI-10: Information Input Validation
SI-3: Malicious Code Protection
SI-4: System Monitoring
SI-7: Software, Firmware, and Information Integrity
CM-8: System Component Inventory
SI-16: Memory Protection
RA-5: Vulnerability Monitoring and Scanning
CM-2: Baseline Configuration