Wednesday, October 27, 2021

Detecting Embedded Content in OOXML Documents

On Advanced Practices, we are always looking for new ways to find malicious activity and track adversaries over time. Today we’re sharing a technique we use to detect and cluster Microsoft Office documents—specifically those in the Office Open XML (OOXML) file format. Additionally, we’re releasing a tool so analysts and defenders can automatically generate YARA rules using this technique.

OOXML File Format

Beginning with Microsoft Office 2007, the default file format for Excel, PowerPoint, and…

Read More

Latest news
Related news