Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2018-04-23 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

New IE 0-day in the wild

Published: 2018-04-23
Last Updated: 2018-04-23 14:10:40 UTC
by Didier Stevens (Version: 1)
2 comment(s)

Qihoo 360 Technology, a Chinese internet security company, published a report for a new Internet Explorer zero-day exploit it has seen exploited in the wild by an (unmentioned) APT group. Qihoo 360 has reported this to Microsoft on 4/19/2018. We have no news from Microsoft.

The report can be found here (Standard Chinese).

Although the report does not contain much technical details, there is a diagram of the kill chain that we have translated here:

It seems that the initial attack, detected by Qihoo 360, used a Microsoft Office document containing a web page. The vulnerability seems to be in the Internet Explorer engine, and could thus be exploited via any application that uses the IE engine.

We will post more news as it becomes available.

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com

Keywords: 0day apt ie
2 comment(s)
ISC Stormcast For Monday, April 23rd 2018 https://isc.sans.edu/podcastdetail.html?id=5965
Diary Archives