Registry Modification for OCI DLL Redirection (c0e0bdec-3e3d-47aa-9974-05539c999c89)

Detects registry modifications related to 'OracleOciLib' and 'OracleOciLibPath' under 'MSDTC' settings. Threat actors may modify these registry keys to redirect the loading of 'oci.dll' to a malicious DLL, facilitating phantom DLL hijacking via the MSDTC service.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Registry Modification for OCI DLL Redirection (c0e0bdec-3e3d-47aa-9974-05539c999c89) | Sigma-Rules | DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) | Attack Pattern | 1 |
| Registry Modification for OCI DLL Redirection (c0e0bdec-3e3d-47aa-9974-05539c999c89) | Sigma-Rules | Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) | Attack Pattern | 1 |
| DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) | Attack Pattern | Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) | Attack Pattern | 2 |