
Rule Info
Tags
attack.defense_evasion DEMO attack.t1218.008
Name
Suspicious Driver/DLL Installation Via Odbcconf.EXE
Id
cb0fe7c5-f3a3-484d-aa25-d350a7912729
Date
2023-05-23 00:00:00
Modified
None
Description
Detects execution of "odbcconf" with the "INSTALLDRIVER" action where the driver doesn't contain a ".dll" extension. This is often used as a defense evasion method.
Author
Nasreddine Bencherchali (Nextron Systems)
Type
Community Rule
Link to Public Repo
Rule History
Title
Author
Commit
Date