Merge pull request #321 from sdu6342/master

Add Malicious_Documents/Maldoc_Suspicious_OLE_target.yar

Malicious_Documents/Maldoc_Suspicious_OLE_target.yar

+rule Maldoc_Suspicious_OLE_target {
+  meta:
+    description =  "Detects maldoc With Tartgeting Suspicuios OLE"
+    author = "Donguk Seo"
+    reference = "https://blog.malwarebytes.com/threat-analysis/2017/10/decoy-microsoft-word-document-delivers-malware-through-rat/"
+    filetype = "Office documents"
+    date = "2018-06-13"
+  strings:
+    $env1 = /oleObject".*Target=.*.http.*.doc"/
+    $env2 = /oleObject".*Target=.*.http.*.ppt"/
+    $env3 = /oleObject".*Target=.*.http.*.xlx"/
+  condition:
+    any of them
+}

Malicious_Documents_index.yar

@@ -18,3 +18,4 @@ include "./Malicious_Documents/Maldoc_VBA_macro_code.yar"
 include "./Malicious_Documents/Maldoc_Word_2007_XML_Flat_OPC.yar"
 include "./Malicious_Documents/Maldoc_malrtf_ole2link.yar"
 include "./Malicious_Documents/maldoc_somerules.yar"
+include "./Malicious_Documents/Maldoc_Suspicious_OLE_target.yar"