Malice Office/OLE/RTF Plugin
This repository contains a Dockerfile of the malice plugin malice/office.
- Install Docker.
- Download trusted build from public DockerHub:

```bash
docker pull malice/office
```

```bash
docker run --rm -v /path/to/file:/malware:ro malice/office FILE
```
```
Usage: office [OPTIONS] COMMAND [arg...]

Malice Office Plugin

Version: v0.1.0, BuildTime: 20160627

Author:
  blacktop - <https://github.com/blacktop>

Options:
  --verbose, -V      verbose output
  --rethinkdb value  rethinkdb address for Malice to store results [$MALICE_RETHINKDB]
  --post, -p         POST results to Malice webhook [$MALICE_ENDPOINT]
  --proxy, -x        proxy settings for Malice webhook endpoint [$MALICE_PROXY]
  --table, -t        output as Markdown table
  --help, -h         show help
  --version, -v      print the version

Commands:
  help  Shows a list of commands or help for one command

Run 'office COMMAND --help' for more information on a command.
```
This will output to stdout and POST to the Malice results API webhook endpoint.
```json
{
  "office": {
  }
}
```
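A wrapper for the `docker run` usage above, as an added example that is not part of the malice/office repository: it checks the sample path before handing it to the container and turns off container networking. The function names and the `--network none` flag are this example's choices, and it assumes the plugin needs no network access when neither `--post` nor `--rethinkdb` is used.

```sh
#!/bin/sh
# Added example, not part of the malice/office repository.
# Assumption: without --post/--rethinkdb the plugin needs no network access.

# Print, one argument per line, the docker command line for one sample.
office_scan_args() {
    sample=$1
    if [ ! -f "$sample" ] || [ -L "$sample" ]; then
        echo "office_scan_args: not a regular file: $sample" >&2
        return 1
    fi
    dir=$(CDPATH= cd -- "$(dirname -- "$sample")" && pwd -P) || return 1
    name=$(basename -- "$sample")
    case $name in
        -*) # the office CLI would parse this as an option
            echo "office_scan_args: file name starts with '-': $name" >&2
            return 1 ;;
    esac
    case $dir in
        *:*) # ':' is the field separator in docker's -v syntax
            echo "office_scan_args: ':' in directory path: $dir" >&2
            return 1 ;;
    esac
    printf '%s\n' docker run --rm --network none \
        -v "$dir:/malware:ro" malice/office "$name"
}

# Run the scan for one sample; the plugin's output goes to stdout.
office_scan() {
    args=$(office_scan_args "$1") || return 1
    old_ifs=$IFS
    IFS='
'
    set -f          # no globbing while splitting on newlines only
    set -- $args
    set +f
    IFS=$old_ifs
    "$@"
}
```

Call it as `office_scan /path/to/sample.doc`; remove `--network none` when results are sent with `--post` or written to a linked RethinkDB container.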
To write results to RethinkDB
```bash
$ docker volume create --name malice
$ docker run -d -p 28015:28015 -p 8080:8080 -v malice:/data --name rethink rethinkdb
$ docker run --rm -v /path/to/malware:/malware:ro --link rethink:rethink malice/office -t FILE
```
- Install Homebrew
```bash
$ brew install caskroom/cask/brew-cask
$ brew cask install virtualbox
$ brew install docker
$ brew install docker-machine
$ docker-machine create --driver virtualbox malice
$ eval $(docker-machine env malice)
```
Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue and I'll get right on it.
MIT Copyright (c) 2016-2017 blacktop