diff --git a/Yara/APT/MALWARE_APT29_SVG_Delivery_Jul23.yar b/Yara/APT/MALWARE_APT29_SVG_Delivery_Jul23.yar
new file mode 100755
index 0000000..e0ba82e
--- /dev/null
+++ b/Yara/APT/MALWARE_APT29_SVG_Delivery_Jul23.yar
@@ -0,0 +1,32 @@
+rule MALWARE_APT29_SVG_Delivery_Jul23
+{
+ meta:
+ author = "SECUINFRA Falcon Team (@SI_FalconTeam)"
+ description = "Detects Javascript code in crafted SVG files delivering malware"
+ reference = "https://twitter.com/StopMalvertisin/status/1677192618118369280"
+ date = "2023-07-07"
+ tlp = "CLEAR"
+ hash = "4875a9c4af3044db281c5dc02e5386c77f331e3b92e5ae79ff9961d8cd1f7c4f"
+
+ strings:
+ $xml_tag = {3c 3f 78 6d 6c}
+ $svg_tag = {3c 73 76 67}
+
+ $js_tag = " 500KB
+ and 4 of ($js_*)
+}
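Review bot: The hunk as shown is truncated at `$js_tag = "` and resumes at `500KB`, so the page does not show the four or more `$js_*` strings that `4 of ($js_*)` needs, nor the start of the condition (presumably `$xml_tag at 0 and $svg_tag and filesize < 500KB`) that would reference `$xml_tag` and `$svg_tag`; YARA rejects a rule with unreferenced strings, so the committed file presumably contains that missing part — confirm against the repository rather than this rendering, since the header declares 32 added lines and far fewer are visible. For the `$js_*` text strings, consider adding `nocase` (e.g. `$js_tag = "<script" nocase`), because YARA text strings are case-sensitive by default and XML tag names in an attacker-crafted SVG can be mixed-case or upper-case; if UTF-16 SVGs are in scope, `ascii wide` as well. As a point of style, `$xml_tag = {3c 3f 78 6d 6c}` and `$svg_tag = {3c 73 76 67}` are plain ASCII (`<?xml`, `<svg`) written as hex, which hides the intent — `$xml_tag = "<?xml"` and `$svg_tag = "<svg"` match the same bytes and read directly. The file is also added with mode 100755; a YARA rule has no reason to be executable.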