(CAPA) CAPA_Hook_Injection
rule:
  meta:
    name: set global application hook
    namespace: host-interaction/gui
    authors:
      - michael.hunhoff@mandiant.com
    scope: basic block
  features:
    - and:
      - api: user32.SetWindowsHookEx
      - number: 0x3 = WH_GETMESSAGE
      - number: 0x0 = dwThreadId
Associated Techniques
No associated technique found so far.
Created
December 6, 2022
Last Revised
December 6, 2022