Gallmaker is a cyber espionage group that has targeted victims in the Middle East and has been active since at least December 2017. This group has primarily targeted victims in the defense, military, and government industries.

This is a collection of rules based on the presence of indicators of compromise publicly reported as associated with this malicious actor.