T1218.008 - Odbcconf - MITRE ATT&CK - Cyber Threat Intelligence

T1218.008 - Odbcconf

Sub-technique

Tattiche:
Defense Evasion

Piattaforme:
Windows

Rilevamento:
Not specified

Description:

Adversaries may abuse odbcconf.exe to proxy execution of malicious payloads. Odbcconf.exe is a Windows utility that allows you to configure Open Database Connectivity (ODBC) drivers and data source names.(Citation: Microsoft odbcconf.exe) The Odbcconf.exe binary may be digitally signed by Microsoft.

Adversaries may abuse odbcconf.exe to bypass application control solutions that do not account for its potential abuse. Similar to [Regsvr32](https://attack.mitre.org/techniques/T1218/010), odbcconf.exe has a <code>REGSVR</code> flag that can be misused to execute DLLs (ex: <code>odbcconf.exe /S /A {REGSVR "C:\Users\Public\file.dll"}</code>). (Citation: LOLBAS Odbcconf)(Citation: TrendMicro Squiblydoo Aug 2017)(Citation: TrendMicro Cobalt Group Nov 2017)

Usato da Attori (1)

Cobalt Group
Unknown

Malware (2)

Bumblebee other Raspberry Robin other

Metadata

MITRE ID:	T1218.008
STIX ID:	attack-pattern--6e3bd510-6b33-...
Piattaforme:	Windows
Created:	13/01/2026 17:48
Updated:	14/03/2026 04:00