2014-04-29 10:10 AM
Good morning Community! I wanted to post a quick note letting folks know that the research and content teams have been aware of the IE vulnerability released by FireEye since the weekend. We have been determining how best to address the issue via content. Early reports were not very detailed around the specifics of the exploit, but as we collect more information and develop mechanisms for detecting the vulnerability, updates will start to come across the wire.
Stay tuned,
Michael Scott Shreve, Pragmatic PMC-3
Product Manager | RSA Threat Intelligence
T: 571.392.6186
M: 703.853.6455
2014-04-29 06:31 PM
Good evening Community! We have a few pieces of content to help you identify instances of this 0-day.
Indicators have been loaded into the “third party indicators” feeds (Third Party IOC IPs and Third Party IOC Domains), and can be located using the following app rule:
name=ie-zero-day-04-14 rule="threat.source = \"third party publicized iocs\" && threat.desc begins \"zero day cve-2014-1776\"" order=21 alert=risk.warning type=application
Happy hunting!
2014-05-01 11:50 AM
Saving this as an nwr file and importing it throws errors.
Does this condition look good for searching in Investigator?
threat.source = 'third party publicized iocs' && threat.desc begins 'zero day cve-2014-1776'
2014-05-01 12:01 PM