Skip to content

Hide Navigation Hide TOC

PUA - Suspicious ActiveDirectory Enumeration Via AdFind.EXE (455b9d50-15a1-4b99-853f-8d37655a4c1b)

Detects active directory enumeration activity using known AdFind CLI flags

Cluster A Galaxy A Cluster B Galaxy B Level
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern PUA - Suspicious ActiveDirectory Enumeration Via AdFind.EXE (455b9d50-15a1-4b99-853f-8d37655a4c1b) Sigma-Rules 1
Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) Attack Pattern Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) Attack Pattern 2