Vendor
This rule detects the execution of AdFind.exe with specific command-line arguments used for reconnaissance, often associated with threat actors like Wizard Spider, FIN6, and groups linked to SUNBURST, who use it to enumerate domain controllers.