YARA rules for CVE-2018-1685

YARA rules whose family, name, or description matches this CVE or its tooling. Use these for binary-pattern hunts.

direct EXP
EXP_Libre_Office_CVE_2018_16858
RCE in Libre Office with crafted ODT file (CVE-2018-16858)
author: John Lambert @JohnLaTwC / modified by Florian Roth · license: see source repo
rule EXP_Libre_Office_CVE_2018_16858 {
    meta:
        description = "RCE in Libre Office with crafted ODT file (CVE-2018-16858)"
        author = "John Lambert @JohnLaTwC / modified by Florian Roth"
        date = "2019-02-01"
        reference = "https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html"
        hash = "95a02b70c117947ff989e3e00868c2185142df9be751a3fefe21f18fa16a1a6f"
        id = "17a0a569-27bf-57ab-937e-8943442ae604"
    strings:
        $s1 = "xlink:href=\"vnd.sun.star.script:" ascii nocase
        $s2 = ".py$tempfilepager" ascii nocase
        $tag = {3c 6f 66 66 69 63 65 3a 64 6f 63 }
    condition:
        uint32be(0) == 0x3c3f786d // <?xm
        and $tag in (0..0100) // <office:doc
        and all of ($s*)
}
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin