Sneed-Reactivity/yara-mikesxrs/phish me/PM_docx_with_vba_bin.yar
Sam Sneed 08e8d462fe OMG ISTG PLS WORK
RED PILL 🔴 💊
2024-07-25 12:43:35 -05:00

14 lines
No EOL
252 B
Text

rule PM_docx_with_vba_bin
{
meta:
author="R.Tokazowski"
company="PhishMe, Inc."
URL="http://phishme.com/ms-word-macros-now-social-engineering-malware"
strings:
$a1 = "PK"
$a2 = "word/_rels/vbaProject.bin"
condition:
$a1 at 0 and $a2
}