Today I released a new tool named rtfsig. rtfsig is a simple Python utility that helps create signatures for malicious RTF documents.
The tool automatically generates YARA rules and suggests queries for VirusTotal’s vtgrep, based on potentially distinctive parts of RTF documents.
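To illustrate the general idea of turning parts of an RTF file into a YARA rule, here is an added example; it is not rtfsig's code. Treating revision save IDs (`\rsid` values) and `\info` metadata groups as the "potentially distinctive" parts is an assumption, and the sample document and all function names are constructed for this sketch.

```python
import re

# Constructed sample for illustration; not taken from a real document.
SAMPLE_RTF = (
    rb"{\rtf1\ansi\deff0{\fonttbl{\f0 Arial;}}"
    rb"{\*\rsidtbl \rsid4015551\rsid9263108\rsid15489072}"
    rb"{\info{\author builder01}{\operator builder01}}"
    rb"\pard\rsid4015551 Hello\par}"
)

# Assumed heuristics for "potentially distinctive" content:
# revision save IDs and author-style metadata groups.
RSID_RE = re.compile(rb"\\rsid\d{5,}")
INFO_RE = re.compile(rb"\{\\(?:author|operator|company)\s+[^{}\\]{3,64}\}")


def candidate_strings(data):
    """Return candidate byte strings in first-seen order, without duplicates."""
    hits = RSID_RE.findall(data) + INFO_RE.findall(data)
    return list(dict.fromkeys(hits))


def yara_escape(raw):
    """Escape bytes for use inside a double-quoted YARA text string."""
    out = []
    for byte in raw:
        ch = chr(byte)
        if ch in '\\"':
            out.append("\\" + ch)
        elif 0x20 <= byte < 0x7F:
            out.append(ch)
        else:
            out.append("\\x%02x" % byte)
    return "".join(out)


def build_yara_rule(name, strings, minimum=None):
    """Render a rule requiring `minimum` of the strings (default: all)."""
    if not strings:
        raise ValueError("no candidate strings to sign on")
    need = len(strings) if minimum is None else minimum
    body = ['        $s%d = "%s" ascii' % (i, yara_escape(s))
            for i, s in enumerate(strings)]
    # 0x74725c7b is "{\rt" read as a little-endian uint32 at offset 0.
    cond = "        uint32(0) == 0x74725c7b and %d of them" % need
    return "\n".join(["rule " + name, "{", "    strings:", *body,
                      "    condition:", cond, "}"])


if __name__ == "__main__":
    print(build_yara_rule("rtf_constructed_sample", candidate_strings(SAMPLE_RTF), 3))
```

Candidates found this way still need checking against a clean corpus before the rule is deployed, since values such as common author names can match benign documents.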