rule: meta: name: set global application hook namespace: host-interaction/gui authors: - michael.hunhoff@mandiant.com scope: basic block features: - and: - api: user32.SetWindowsHookEx - number: 0x3 = WM_GETMESSAGE - number: 0x0 = dwThreadId