Sneed-Reactivity/yara-mikesxrs/phish me/Cryptowall_docx_macro.yar
Sam Sneed 08e8d462fe OMG ISTG PLS WORK
RED PILL 🔴 💊
2024-07-25 12:43:35 -05:00

18 lines
No EOL
348 B
Text

/*
Description: None
Priority: 5
Scope: Against Attachment
Tags: None
URL:http://phishme.com/using-yara-to-break-cryptowall-phishing/
Created in PhishMe's Triage on September 14, 2015 2:35 PM
*/
rule docx_macro
{
strings:
$header="PK"
$vbaStrings="word/vbaProject.bin" nocase
condition:
$header at 0 and $vbaStrings
}