PUA - AdFind.EXE Execution (514e7e3e-b3b4-4a67-af60-be20f139198b)

Detects execution of Adfind.exe utility, which can be used for reconnaissance in an Active Directory environment

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	PUA - AdFind.EXE Execution (514e7e3e-b3b4-4a67-af60-be20f139198b)	Sigma-Rules	1
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	2