Tag Archives » APT

CVE-2014-0322 0day root cause analysis

Yesterday, FireEye posted a blog about a new 0day attack (http://www.fireeye.com/blog/technical/cyber-exploits/2014/02/new-ie-zero-day-found-in-watering-hole-attack-2.html) (http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html). This 0day affects IE 10, has been assigned CVE-2014-0322, and can be used in APT attacks. The sample can be found here: http://jsunpack.jeek.org/?report=a7d85dd462456a816b1ebc8306550e0c9b61c75e

The Shellcode Used in the latest Zero Day Attack Analysis (CVE-2013-5065&CVE-2013-3346)

Now I will show the shellcode and what it does. Analyzing a 0day attack sample is a cool thing to do.