Common Information
Type Value
Value
rule RTF_Equation_Editor_CVE_2018_0798 {
	meta:
		author = "Anomali"
		tlp = "GREEN"
		version = "1.0"
		date = "2019-05-10"
		hash = "264cee1c1854698ef0eb3a141912db40"
		description = "Detects Malicious RTFs exploiting CVE-2018-0798"
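	strings:
		// Byte sequence written as ASCII hex text, matched as a plain text string
		$S1 = "4460606060606060606061616161616161616161616161616161fb0b"
		// RTF header; the backslash is escaped so it is not parsed as the \r escape
		$RTF = "{\\rt"
	condition:
		// File must start with the RTF header and contain $S1 anywhere
		$RTF at 0 and $S1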
}
Category
Type Yara Rule
Misp Type
Description
Details Published Attributes CTI Title
Details Website 2019-07-03 106 Multiple Chinese Threat Groups Exploiting CVE-2018-0798 Equation Editor Vulnerability Since Late 2018