PUA - AdFind Suspicious Execution (9a132afa-654e-11eb-ae93-0242ac130002)

Detects AdFind execution with common flags seen used during attacks

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
PUA - AdFind Suspicious Execution (9a132afa-654e-11eb-ae93-0242ac130002)	Sigma-Rules	Domain Trust Discovery - T1482 (767dbf9e-df3f-45cb-8998-4903ab5f80c0)	Attack Pattern	1
PUA - AdFind Suspicious Execution (9a132afa-654e-11eb-ae93-0242ac130002)	Sigma-Rules	Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	1
PUA - AdFind Suspicious Execution (9a132afa-654e-11eb-ae93-0242ac130002)	Sigma-Rules	Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	1
PUA - AdFind Suspicious Execution (9a132afa-654e-11eb-ae93-0242ac130002)	Sigma-Rules	Remote System Discovery - T1018 (e358d692-23c0-4a31-9eb6-ecc13a8d7735)	Attack Pattern	1
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af)	Attack Pattern	Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08)	Attack Pattern	2
Domain Groups - T1069.002 (2aed01ad-3df3-4410-a8cb-11ea4ded587c)	Attack Pattern	Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce)	Attack Pattern	2