08e8d462fe
RED PILL 🔴 💊
14 lines
No EOL
252 B
Text
14 lines
No EOL
252 B
Text
rule PM_docx_with_vba_bin
|
|
{
|
|
meta:
|
|
author="R.Tokazowski"
|
|
company="PhishMe, Inc."
|
|
URL="http://phishme.com/ms-word-macros-now-social-engineering-malware"
|
|
|
|
strings:
|
|
$a1 = "PK"
|
|
$a2 = "word/_rels/vbaProject.bin"
|
|
|
|
condition:
|
|
$a1 at 0 and $a2
|
|
} |