Abstract:
In recent years, using IOCs (Indicators of Compromise) to detect malware-based network attacks has become an effective and accurate method, but manually writing IOC rules is inefficient and cannot keep pace with the detection needs of a large volume of rapidly iterated malware. More efficient methods are therefore needed to automatically convert open-source detection rules into anti-malware detection rules (IOC rules for detecting malware). In this paper, we propose a method that automates this conversion using open-source detection rules as input. We designed an intermediate structure called SIMIOC (Structure Intermediate-representation for Malware Information of Compromise) and implemented a SIMIOC-based converter. In the experiment, we used the SIMIOC-based converter to automatically convert 1218 rules for the Windows platform from three open-source rule repositories (Sigma, Elastic Security Detection Rules, and Splunk Security Content) into signature detection rules usable in the Cuckoo sandbox, and deployed these rules to detect 21044 malware samples. Analysis of the experimental results shows that the detection rate of the rules automatically converted by the SIMIOC-based converter is 50.3%, which reaches 73% of the detection rate of the 640 manually written Cuckoo sandbox signature rules. Furthermore, we demonstrate that the rules generated by the SIMIOC-based converter emphasize TTPs (Tactics, Techniques, and Procedures) and malware families, and thus optimize and complement the manual rules.
Published in: 2024 27th International Conference on Computer Supported Cooperative Work in Design (CSCWD)
Date of Conference: 08-10 May 2024
Date Added to IEEE Xplore: 10 July 2024