• Title/Summary/Keyword: YARA Rules

The Study on YARA Rules and Detection Tool for HWP Document-Type Malware

  • Joongjin Kook;Heechan Won;Sungwoo Kim;Dohee Kim;Junghoon Lee
    • Journal of the Semiconductor & Display Technology, v.23 no.3, pp.108-114, 2024
  • This study details the development of YARA rules and a detection program specifically designed to identify malware in HWP documents, a common target in cyber-attacks within South Korea. By thoroughly analyzing the unique structural features of HWP files, we developed precise YARA rules that were subsequently integrated into a custom detection tool. The program was rigorously tested on a dataset of benign and malicious HWP documents, demonstrating high detection accuracy and a low false-positive rate. This research offers a robust and practical solution for enhancing cybersecurity in environments where HWP files are frequently used, contributing valuable tools for the targeted detection of document-based malware.