apooxml
Generate YARA rules for OOXML documents using ZIP local header metadata. To learn more about this tool and the methodology behind it, check out the accompanying blog here.
Usage
➜ python3 apooxml.py -h
usage: apooxml.py [-h] [-a AUTHOR] [-n NAME] [-o OUT] sample
Generate YARA rules for OOXML documents.
positional arguments:
sample OOXML document to generate YARA rule from.
optional arguments:
-h, --help show this help message and exit
-a AUTHOR, --author AUTHOR
YARA rule author.
-n NAME, --name NAME YARA rule name.
-o OUT, --out OUT YARA rule file name.
1 Dec 19, 2021
3 May 03, 2022
3 Oct 02, 2021
185 Dec 13, 2022
1 Nov 08, 2021
2 Apr 11, 2022
38 Feb 26, 2022
7.8k Jan 05, 2023
1 Jan 22, 2022
5.1k Jan 04, 2023
2 Nov 23, 2021
266 Dec 13, 2022
71 Oct 28, 2022
8 Jun 15, 2022
17.7k Jan 07, 2023
14 Sep 10, 2022
216 Nov 25, 2022
48 Nov 15, 2022
31 Dec 29, 2022
11 Mar 22, 2022