Suspicious LDAP-Attributes Used (d00a9a72-2c09-4459-ad03-5e0a23351e36)

Detects the usage of particular AttributeLDAPDisplayNames, which are known for data exchange via LDAP by the tool LDAPFragger and are additionally not commonly used in companies.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Protocol Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	Suspicious LDAP-Attributes Used (d00a9a72-2c09-4459-ad03-5e0a23351e36)	Sigma-Rules	1
Protocol Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	2