Abstract
This study details the development of YARA rules and a detection program specifically designed to identify malware in HWP documents, a common target in cyber-attacks within South Korea. By thoroughly analyzing the unique structural features of HWP files, we developed precise YARA rules that were subsequently integrated into a custom detection tool. The program was rigorously tested on a dataset of benign and malicious HWP documents, demonstrating high detection accuracy and a low false-positive rate. This research offers a robust and practical solution for enhancing cybersecurity in environments where HWP files are frequently used, contributing valuable tools for the targeted detection of document-based malware.