Invocation of Active Directory Diagnostic Tool (ntdsutil.exe) (2afafd61-6aae-4df4-baed-139fa1f4c345)

Detects execution of ntdsutil.exe, which can be used for various attacks against the NTDS database (NTDS.DIT)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) | Attack Pattern | Invocation of Active Directory Diagnostic Tool (ntdsutil.exe) (2afafd61-6aae-4df4-baed-139fa1f4c345) | Sigma-Rules | 1 |
| NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) | Attack Pattern | OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) | Attack Pattern | 2 |