apooxml
Generate YARA rules for OOXML documents using ZIP local header metadata. To learn more about this tool and the methodology behind it, check out the accompanying blog here.
Usage
➜ python3 apooxml.py -h
usage: apooxml.py [-h] [-a AUTHOR] [-n NAME] [-o OUT] sample
Generate YARA rules for OOXML documents.
positional arguments:
sample OOXML document to generate YARA rule from.
optional arguments:
-h, --help show this help message and exit
-a AUTHOR, --author AUTHOR
YARA rule author.
-n NAME, --name NAME YARA rule name.
-o OUT, --out OUT YARA rule file name.
166 Dec 29, 2022
30 Nov 23, 2022
643 Dec 31, 2022
3.4k Dec 30, 2022
0 Mar 15, 2022
89 Dec 25, 2022
2 Aug 02, 2022
282 Dec 28, 2022
1.9k Dec 26, 2022
3.1k Dec 29, 2022
2 Dec 07, 2021
8.3k Jan 08, 2023
1 Jan 04, 2022
727 Dec 26, 2022
4 Feb 14, 2022
13 Aug 25, 2022
8 Dec 15, 2022
2 Feb 12, 2022
3 May 18, 2022
0 Sep 05, 2021