Rule Library
Sigma Rules
3 rules found for "Tobias Michalski"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Emerging Threat, high, test
ADSelfService Exploitation
Detects suspicious access to URLs that were noticed in cases in which attackers exploited the ADSelfService vulnerability CVE-2021-40539
Web Server Log
cve.2021-40539, detection.emerging-threats, TA0001 · Initial Access, T1190 · Exploit Public-Facing Application
Tobias Michalski +1, Mon Sep 20 2021
Emerging Threat, high, test
Conti Volume Shadow Listing
Detects a command used by Conti to find volume shadow backups
Windows, Process Creation
T1587.001 · Malware, TA0042 · Resource Development, detection.emerging-threats
Max Altgelt (Nextron Systems) +1, Mon Aug 09 2021
Emerging Threat, high, test
Conti NTDS Exfiltration Command
Detects a command used by Conti to exfiltrate NTDS
Windows, Process Creation
TA0009 · Collection, T1560 · Archive Collected Data, detection.emerging-threats
Max Altgelt (Nextron Systems) +1, Mon Aug 09 2021