Suspicious Usage Of Active Directory Diagnostic Tool (ntdsutil.exe) (a58353df-af43-4753-bad0-cd83ef35eef5)

Detects execution of ntdsutil.exe to perform different actions, such as restoring snapshots.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Suspicious Usage Of Active Directory Diagnostic Tool (ntdsutil.exe) (a58353df-af43-4753-bad0-cd83ef35eef5) | Sigma-Rules | NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) | Attack Pattern | 1 |
| NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) | Attack Pattern | OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) | Attack Pattern | 2 |