apooxml
Generate YARA rules for OOXML documents using ZIP local header metadata. To learn more about this tool and the methodology behind it, check out the accompanying blog here.
Usage
➜ python3 apooxml.py -h
usage: apooxml.py [-h] [-a AUTHOR] [-n NAME] [-o OUT] sample
Generate YARA rules for OOXML documents.
positional arguments:
sample OOXML document to generate YARA rule from.
optional arguments:
-h, --help show this help message and exit
-a AUTHOR, --author AUTHOR
YARA rule author.
-n NAME, --name NAME YARA rule name.
-o OUT, --out OUT YARA rule file name.
3.8k Dec 30, 2022
104 Dec 31, 2022
4 Dec 31, 2022
35 Dec 23, 2022
6 Jan 07, 2023
2 Nov 12, 2022
75 Dec 30, 2022
6 Dec 29, 2022
4.1k Jan 07, 2023
1 Mar 17, 2022
1 Dec 19, 2021
4.3k Dec 31, 2022
68 Jun 10, 2022
166 Dec 29, 2022
0 Jan 20, 2022
1 Mar 01, 2022
15 Dec 06, 2022
25.5k Dec 29, 2022
0 Dec 13, 2022
10 Oct 06, 2022