JohnLaTwC

rule gen_injected_template_Word
{
    meta:
        description = "Detects injected templates in DOCX"
        author = "John Lambert @JohnLaTwC"
        date = "2020-05-03"
        hash1 = "a3eca35d14b0e020444186a5faaba5997994a47af08580521f808b1bb83d6063"
        hash2 = "a275dfa95393148bb9e0ddf5346f9fedcc9c87fa2ec3ce1ec875843664c37c89"
        hash3 = "ed4835e5fd10bbd2be04c5ea9eb2b8e750aff2ef235de6e0f18d369469f69c83"
        file_protocol_hash1 = "ac6c1df3895af63b864bb33bf30cb31059e247443ddb8f23517849362ec94f08 (settings.xml.rels)"