Update action.py

Add a new detect rule is named “已知Outlook模板宏持久化行为”.

Server/rules/py/action.py

@@ -1,4 +1,11 @@
 rule = [
+    {
+        'rules': [
+            'action == "filecreate" and targetfilename =~ "c:\\users\\.*\\appdata\\roaming\\microsoft\\outlook\\vbaproject.otm"'
+        ],
+        'score': 300,
+        'name': '已知Outlook模板宏持久化行为'
+    },
     {
         'rules': [
             'action == "processaccess" and targetimage =~ ".*lsass.exe" and grantedaccess & 0x0010 and sourceimage =~ ".*rundll32.exe"',