T1218.008 Odbcconf

Adversaries may abuse odbcconf.exe to proxy execution of malicious payloads. Odbcconf.exe is a Windows utility that allows you to configure Open Database Connectivity (ODBC) drivers and data source names.(Citation: Microsoft odbcconf.exe) The Odbcconf.exe binary may be digitally signed by Microsoft.

Adversaries may abuse odbcconf.exe to bypass application control solutions that do not account for its potential abuse. Similar to Regsvr32, odbcconf.exe has a <code>REGSVR</code> flag that can be misused to execute DLLs (e.g., <code>odbcconf.exe /S /A {REGSVR "C:\Users\Public\file.dll"}</code>).(Citation: LOLBAS Odbcconf)(Citation: TrendMicro Squiblydoo Aug 2017)(Citation: TrendMicro Cobalt Group Nov 2017)
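A detection-side sketch for the command-line pattern described above, added here as an example and not taken from MITRE ATT&CK or the mappings project. It flags process-creation command lines where odbcconf is launched with a <code>REGSVR</code> action and extracts the DLL path; the function names, host names and sample events are constructed for illustration.

```python
import re

# {REGSVR <dll>} action; quotes around the DLL path are optional.
REGSVR_RE = re.compile(r'\{\s*REGSVR\s+"?([^"}]+?)"?\s*\}', re.IGNORECASE)
# Silent switch. The page shows "/S"; accepting "-S" as well is an assumption.
SILENT_RE = re.compile(r'(?:^|\s)[/-]S(?=\s|$)', re.IGNORECASE)

def image_name(cmdline):
    """Return the lower-cased file name of the first command-line token."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', cmdline)
    if not m:
        return ""
    return re.split(r"[\\/]", m.group(1) or m.group(2))[-1].lower()

def check_cmdline(cmdline):
    """Return a finding dict for odbcconf REGSVR use, or None."""
    if image_name(cmdline) not in ("odbcconf.exe", "odbcconf"):
        return None
    m = REGSVR_RE.search(cmdline)
    if not m:
        return None  # other odbcconf actions (driver/DSN configuration)
    return {"dll": m.group(1), "silent": bool(SILENT_RE.search(cmdline))}

def scan(events):
    """events: iterable of (host, cmdline); returns (host, finding) pairs."""
    return [(h, f) for h, c in events if (f := check_cmdline(c))]

# Constructed sample process-creation records (host names are made up).
SAMPLE_EVENTS = [
    ("ws-01", r'odbcconf.exe /S /A {REGSVR "C:\Users\Public\file.dll"}'),
    ("ws-02", r'"C:\Windows\System32\odbcconf.exe" /a {regsvr C:\ProgramData\x.dll}'),
    ("db-01", r'odbcconf.exe /A {CONFIGSYSDSN "SQL Server" "DSN=app"}'),
    ("ws-03", r'regsvr32.exe /s C:\ProgramData\x.dll'),
]

if __name__ == "__main__":
    for host, finding in scan(SAMPLE_EVENTS):
        print(host, finding)
```

Matching on the image file name alone misses a renamed copy of the binary, so pair this with whatever original-file-name or signer metadata your process telemetry records.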


CRI Profile Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| PR.PS-05.02 | Mobile code prevention | mitigates | T1218.008 | Odbcconf | |

Comments

Mobile code procedures address specific actions taken to prevent the development, acquisition, and introduction of unacceptable mobile code within organizational systems, including requiring mobile code to be digitally signed by a trusted source.

NIST 800-53 Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CM-06 | Configuration Settings | mitigates | T1218.008 | Odbcconf | |
| CM-11 | User-installed Software | mitigates | T1218.008 | Odbcconf | |
| SI-16 | Memory Protection | mitigates | T1218.008 | Odbcconf | |
| RA-05 | Vulnerability Monitoring and Scanning | mitigates | T1218.008 | Odbcconf | |
| CM-08 | System Component Inventory | mitigates | T1218.008 | Odbcconf | |
| SI-10 | Information Input Validation | mitigates | T1218.008 | Odbcconf | |
| SI-03 | Malicious Code Protection | mitigates | T1218.008 | Odbcconf | |
| SI-07 | Software, Firmware, and Information Integrity | mitigates | T1218.008 | Odbcconf | |
| CM-02 | Baseline Configuration | mitigates | T1218.008 | Odbcconf | |
| CM-07 | Least Functionality | mitigates | T1218.008 | Odbcconf | |
| SI-04 | System Monitoring | mitigates | T1218.008 | Odbcconf | |

VERIS Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| action.hacking.variety.Abuse of functionality | Abuse of functionality. | related-to | T1218.008 | Odbcconf | |