This repository is part of the work: "Content Disarm and Reconstruction of Microsoft Office OLE Files" submitted to Elsevier Computers & Security. The repository contains Yara Rules and python scripts to reproduce the result.
The author would like to thank Amir Gillette for running the analysis. This work was supported by the Ariel Cyber Innovation Center in conjunction with the Israel National Cyber Directorate in the Prime Minister’s Office. VirusTotal for granting us access to their cloud service and malware collection for educational use and Aspose for providing an academic license for their ASPOSE total product libraries for parsing and manipulating PDF files. This work is based on a patent-pending request 63/408631.