
Rule Info
Name
New DLL Registered Via Odbcconf.EXE
Author
Kirill Kiryanov, Beyu Denis, Daniil Yugoslavskiy, oscd.community, Nasreddine Bencherchali (Nextron Systems)
Description
Detects execution of "odbcconf" with "REGSVR" in order to register a new DLL (equivalent to running regsvr32). Attackers abuse this to install and run malicious DLLs.
Date
2023-05-22 00:00:00
Modified
None
Id
9f0a8bf3-a65b-440a-8c1e-5cb1547c8e70
Tags
attack.defense-evasion attack.t1218.008
Type
Community Rule
Link to Public Repo
Rule History
Author
Title
Date
Commit
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
github-actions[bot]
Merge PR #4791 from @nasbench - Promote older rules status from `experimental` to `test`
2024-04-01