DNS Server Error Failed Loading the ServerLevelPluginDLL

Severity: high
Author: Florian Roth (Nextron Systems)
Source: upstream

Detects a DNS server error in which a plugin DLL specified in the registry could not be loaded.

MITRE ATT&CK coverage

| Tactic | Techniques |
| --- | --- |
| Persistence | T1574.001 Hijack Execution Flow: DLL |
| Privilege Escalation | T1574.001 Hijack Execution Flow: DLL |
| Defense Evasion | T1574.001 Hijack Execution Flow: DLL |

Event coverage

| Provider | Event ID | Title |
| --- | --- | --- |
| DNS-Server-Service | 150 | The DNS server could not load or initialize the plug-in DLL Name. |
| DNS-Server-Service | 770 | A DNS server plugin DLL has been loaded from location param1 on server param2. |
| DNS-Server-Service | 771 | The V1 plugin interface has been implemented in server level plugin DLL. |

Stages and Predicates

Stage 1: selection