Skip to content

Hide Navigation Hide TOC

PUA - AdFind.EXE Execution (514e7e3e-b3b4-4a67-af60-be20f139198b)

Detects execution of Adfind.exe utility, which can be used for reconnaissance in an Active Directory environment

Cluster A Galaxy A Cluster B Galaxy B Level
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern PUA - AdFind.EXE Execution (514e7e3e-b3b4-4a67-af60-be20f139198b) Sigma-Rules 1
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 2