Sneed-Reactivity/yara-mikesxrs/phish me/PM_docx_with_vba_bin.yar

rule PM_docx_with_vba_bin
{
meta:
    author="R.Tokazowski"
    company="PhishMe, Inc."
    URL="http://phishme.com/ms-word-macros-now-social-engineering-malware"

strings:
	$a1 = "PK"
	$a2 = "word/_rels/vbaProject.bin"
	
condition:
	$a1 at 0 and $a2
}
OMG ISTG PLS WORK RED PILL :red_circle: :pill: 2024-07-25 17:43:35 +00:00			`rule PM_docx_with_vba_bin`
			`{`
			`meta:`
			`author="R.Tokazowski"`
			`company="PhishMe, Inc."`
			`URL="http://phishme.com/ms-word-macros-now-social-engineering-malware"`

			`strings:`
			`$a1 = "PK"`
			`$a2 = "word/_rels/vbaProject.bin"`

			`condition:`
			`$a1 at 0 and $a2`
			`}`