YARA Rule for OOXML Maldocs: Less False Positives (Tue, Nov 23rd)

In this diary entry, I introduce an updated version of the YARA rule for OOXML files with VBA code that I presented in the diary entry “Simple YARA Rules for Office Maldocs”. Here is the OOXML YARA rule I presented yesterday:

Article Link: InfoSec Handlers Diary Blog