T1218.008 Odbcconf Mappings

Adversaries may abuse odbcconf.exe to proxy execution of malicious payloads. Odbcconf.exe is a Windows utility that allows you to configure Open Database Connectivity (ODBC) drivers and data source names.(Citation: Microsoft odbcconf.exe) Odbcconf.exe is digitally signed by Microsoft.

Adversaries may abuse odbcconf.exe to bypass application control solutions that do not account for its potential abuse. Similar to Regsvr32, odbcconf.exe has a <code>REGSVR</code> flag that can be misused to execute DLLs (ex: <code>odbcconf.exe /S /A {REGSVR "C:\Users\Public\file.dll"}</code>).(Citation: LOLBAS Odbcconf)(Citation: TrendMicro Squiblydoo Aug 2017)(Citation: TrendMicro Cobalt Group Nov 2017)

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| CM-2 | Baseline Configuration | Protects | T1218.008 | Odbcconf |
| CM-6 | Configuration Settings | Protects | T1218.008 | Odbcconf |
| CM-7 | Least Functionality | Protects | T1218.008 | Odbcconf |
| CM-8 | System Component Inventory | Protects | T1218.008 | Odbcconf |
| RA-5 | Vulnerability Monitoring and Scanning | Protects | T1218.008 | Odbcconf |
| SI-10 | Information Input Validation | Protects | T1218.008 | Odbcconf |
| SI-4 | System Monitoring | Protects | T1218.008 | Odbcconf |
| SI-7 | Software, Firmware, and Information Integrity | Protects | T1218.008 | Odbcconf |
| action.hacking.variety.Abuse of functionality | Abuse of functionality | related-to | T1218.008 | Signed Binary Proxy Execution: Odbcconf |