For the attacker, the HackingTeam data leak certainly gives them a“spring”. Attackers in the data leak the next day it will be baked 0day vulnerabilities added to the mainstream exploit kits. Copy the leaked 0day attack HackingTeam leakage of various 0day information can be easily reused. In General, attack Toolkit authors will exploit re-packaged customized in line with your operating habits. But not all attackers will do, we are in a Chinese web site on find a targeted attack, the attacker will HackingTeam in the code almost intact copy of the up to use, just modify the default“calc.exe（calculator）”attack payload is. ! Not only is loading of the stencil is completely the same even Run the calc. exe button are the same, and of course Flash EXP is the same. ! The only difference is the payload, which will be the calculator program is replaced with a malicious binary file. ! The attacker used the file: mogujie.exe desktop.exe SWF(1) SWF(2) Slightly sarcasm means Although the foreign media for the attacker slightly mocking, but let's not have a saying? Tube he black cat or white cat, catch rat is good cat...... The event is from another aspect of the reaction, based on the HackingTeam leaking out of the 0day still exist. Take this example, foreign media have already reported 2 days, the site is still not any respond!