apooxml
Generate YARA rules for OOXML documents using ZIP local header metadata. To learn more about this tool and the methodology behind it, check out the accompanying blog here.
Usage
➜ python3 apooxml.py -h
usage: apooxml.py [-h] [-a AUTHOR] [-n NAME] [-o OUT] sample
Generate YARA rules for OOXML documents.
positional arguments:
sample OOXML document to generate YARA rule from.
optional arguments:
-h, --help show this help message and exit
-a AUTHOR, --author AUTHOR
YARA rule author.
-n NAME, --name NAME YARA rule name.
-o OUT, --out OUT YARA rule file name.
320 Jan 02, 2023
23 Dec 26, 2022
214 Jan 03, 2023
2 Aug 02, 2022
73 Dec 19, 2022
4 Dec 04, 2021
1 Jan 12, 2022
4 Dec 31, 2022
470 Dec 28, 2022
14 Dec 30, 2022
3 Oct 02, 2021
71 Dec 26, 2022
64 Sep 18, 2022
11 Mar 22, 2022
16 Jul 21, 2022
379 Jan 08, 2023
186 Dec 30, 2022
375 Jan 05, 2023
3 Jan 06, 2022
2 Nov 23, 2021