Skip to content

Instantly share code, notes, and snippets.

View DissectMalware's full-sized avatar

Malwrologist DissectMalware

View GitHub Profile
@JohnLaTwC
JohnLaTwC / OOMLExcel4.0Macro.yara
Created April 15, 2020 19:17
OOML Excel 4.0 macro
rule gen_ModernExcel4Macro
{
meta:
description = "Detects Modern Excel4 macro use"
author = "John Lambert @JohnLaTwC"
date = "2020-04-15"
hash1 = "308c0fee671459705221c5f1a8cee944f5ea803fddd0faa620cc8266d48c662b"
hash2 = "618fee2c2f89a4f15b680e1ca9393d25c857e6d107fa0eb45b1a21c7601f975e"
reference1 = "https://twitter.com/DissectMalware/status/1250411834953420808"
strings: