Skip to content

Hide Navigation Hide TOC

Suspicious Response File Execution Via Odbcconf.EXE (2d32dd6f-3196-4093-b9eb-1ad8ab088ca5)

Detects execution of "odbcconf" with the "-f" flag in order to load a response file with a non-".rsp" extension.

Cluster A Galaxy A Cluster B Galaxy B Level
Suspicious Response File Execution Via Odbcconf.EXE (2d32dd6f-3196-4093-b9eb-1ad8ab088ca5) Sigma-Rules Odbcconf - T1218.008 (6e3bd510-6b33-41a4-af80-2d80f3ee0071) Attack Pattern 1
Odbcconf - T1218.008 (6e3bd510-6b33-41a4-af80-2d80f3ee0071) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 2