Rule Info
Name
Suspicious Driver/DLL Installation Via Odbcconf.EXE
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects execution of "odbcconf" with the "INSTALLDRIVER" action where the driver doesn't contain a ".dll" extension. This is often used as a defense evasion method.
Date
2023-05-23 00:00:00
Modified
None
Id
cb0fe7c5-f3a3-484d-aa25-d350a7912729
Tags
attack.defense_evasion attack.t1218.008 DEMO
Type
Community Rule
Link to Public Repo