In this diary entry, I introduce an updated version of the YARA rule I presented in diary entry “Simple YARA Rules for Office Maldocs” for OOXML files with VBA code. Here is the OOXML YARA rule I presented yesterday:
Article Link: InfoSec Handlers Diary Blog