Rule Library
Sigma Rules
2 rules found for "GuLoader"
3,731Total
3,132Detection
457Emerging
139Hunting
Emerging Threathightest
Potential NetWire RAT Activity - Registry
Detects registry keys related to NetWire RAT
WindowsRegistry Add
Christopher PeacockThu Oct 072021
Emerging Threathightest
Injected Browser Process Spawning Rundll32 - GuLoader Activity
Detects the execution of installed GuLoader malware on the host. GuLoader is initiating network connections via the rundll32.exe process that is spawned via a browser parent(injected) process.
WindowsProcess Creation
kostastsaleMon Aug 072023