https://github.com/mandiant/apooxml

Generate YARA rules for OOXML documents.

detection malware ooxml security yara

# apooxml
Generate YARA rules for OOXML documents using ZIP local header metadata. To learn more about this tool and the methodology behind it, check out the accompanying blog [here](https://www.mandiant.com/resources/detecting-embedded-content-in-ooxml-documents).
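
To show what "ZIP local header metadata" looks like in practice, the following added example (not apooxml's own code) reads the local file header of each entry in an OOXML container and returns its CRC-32, sizes and name. The function names `local_headers` and `build_sample` and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

# ZIP local file header: fixed 30 bytes, little-endian (PKWARE APPNOTE 4.3.7).
LOCAL_HEADER = struct.Struct("<4sHHHHHIIIHH")
LOCAL_SIG = b"PK\x03\x04"
FLAG_DATA_DESCRIPTOR = 0x0008  # CRC/sizes deferred to a trailing descriptor


def local_headers(data: bytes) -> list:
    """Return the local-header fields of every entry in a ZIP/OOXML blob."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        offsets = [zi.header_offset for zi in zf.infolist()]
    entries = []
    for off in offsets:
        (sig, _ver, flags, method, _time, _date, crc, csize, usize,
         name_len, _extra_len) = LOCAL_HEADER.unpack_from(data, off)
        if sig != LOCAL_SIG:
            raise ValueError(f"no local file header at offset {off}")
        name_start = off + LOCAL_HEADER.size
        entries.append({
            "offset": off,
            "name": data[name_start:name_start + name_len].decode("utf-8", "replace"),
            "method": method,
            "crc32": crc,
            "compressed_size": csize,
            "uncompressed_size": usize,
            # When this flag is set, the CRC and sizes in the local header
            # are zero, so they carry no information about the content.
            "deferred": bool(flags & FLAG_DATA_DESCRIPTOR),
        })
    return entries


def build_sample() -> bytes:
    """Constructed stand-in for an OOXML document (not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/embeddings/oleObject1.bin", b"\xd0\xcf\x11\xe0" * 64)
    return buf.getvalue()


if __name__ == "__main__":
    for e in local_headers(build_sample()):
        print(f'{e["name"]:32} crc32={e["crc32"]:08x} size={e["uncompressed_size"]}')
```

Because the CRC-32 and uncompressed size describe the content before compression, they stay the same when an identical embedded file is packed into a different document.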

## Usage
```
➜ python3 apooxml.py -h
usage: apooxml.py [-h] [-a AUTHOR] [-n NAME] [-o OUT] sample

Generate YARA rules for OOXML documents.

positional arguments:
  sample                OOXML document to generate YARA rule from.

optional arguments:
  -h, --help            show this help message and exit
  -a AUTHOR, --author AUTHOR
                        YARA rule author.
  -n NAME, --name NAME  YARA rule name.
  -o OUT, --out OUT     YARA rule file name.
```