Yesterday, fireeye has posted a blog about a new 0day attack. (http://www.fireeye.com/blog/technical/cyber-exploits/2014/02/new-ie-zero-day-found-in-watering-hole-attack-2.html) (http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html). This 0day is affected IE 10, and has been assigned as CVE-2014-0322, and it can be used to ATP attack. We can find the sample here: http://jsunpack.jeek.org/?report=a7d85dd462456a816b1ebc8306550e0c9b61c75e
Now I show the shellcode and show what the shellcode do. That’s a cool thing to analyze the 0day attacking sample.