TM

Tobias Michalski

First rule: Sun Mar 05 2017 01:00:00 GMT+0100 (Central European Standard Time)

Commits on SigmaHQ Pull Requests

Share profile card

0rules authored

5sole author

10co-authored

Top Log Sources

windows / process_creation

windows / registry_set

windows / msexchange-management

Rule Types

12 emerging threat

By Severity

critical

0

high

12

medium

3

low

0

informational

0

By Status

stable

0

test

15

experimental

0

deprecated

0

unsupported

0

0

Total Rules

0

Stable Rules

0

High / Critical

0

Log Source Types

Recent RulesAll rules →

Malicious PowerShell Commandlets - ScriptBlock

Sun Mar 05 2017 01:00:00 GMT+0100 (Central European Standard Time)

Potential Persistence Via Outlook Home Page

Wed Jun 09 2021 02:00:00 GMT+0200 (Central European Summer Time)

Potential Persistence Via Outlook Today Page

Thu Jun 10 2021 02:00:00 GMT+0200 (Central European Summer Time)

Sensitive File Access Via Volume Shadow Copy Backup

Mon Aug 09 2021 02:00:00 GMT+0200 (Central European Summer Time)

CrashControl CrashDump Disabled

Thu Feb 24 2022 01:00:00 GMT+0100 (Central European Standard Time)

mediumDetection

Copy From VolumeShadowCopy Via Cmd.EXE

Mon Aug 09 2021 02:00:00 GMT+0200 (Central European Summer Time)

Browse all 15 rules by Tobias Michalski

Filter the full rule library to see only their contributions