Saturday, March 02, 2013

Mandiant APT1 Report: 25 Best Commentaries of the Last 12 Days

Two weeks ago today our team at Mandiant was feverishly preparing the release of our APT1 report.

In the twelve days that followed publication on the evening of Monday the 18th, I've been very pleased by the amount of constructive commentary and related research published online.

In this post I'd like to list those contributions that I believe merit attention, in the event you missed them the first time around.

These sorts of posts are examples of what the security community can do to advance our collective capability to counter digital threats.

Please note I avoided mass media accounts, interviews with Mandiant team members, and most general commentary.

They are listed in no particular order.

  1. Seth Hall (Bro): Watching for the APT1 Intelligence
  2. Jason Wood (SecureIdeas): Reading the Mandiant APT1 Report
  3. Chris Sanders: Making the Mandiant APT1 Report Actionable
  4. Symantec: APT1: Q&A on Attacks by the Comment Crew
  5. Tekdefense (NoVA Infosec): MASTIFF Analysis of APT1
  6. Chort Row (@chort0): Analyzing APT1 with Cuckoobox, Volatility, and Yara
  7. Ron Gula (Tenable): We have Microsoft Tuesday, so how long until we have Indicator Wednesday?
  8. OpenDNS Umbrella Labs: An intimate look at APT1, China’s Cyber-Espionage Threat
  9. Chris Lew (Mandiant): Chinese Advanced Persistent Threats: Corporate Cyber Espionage Processes and Organizations (BSidesSF, slides not online yet)
  10. Adam Segal: Hacking back, signaling, and state-society relations
  11. Snorby Labs: APT Intelligence Update
  12. Wendy Nather: Exercises left to the reader
  13. Brad Shoop (Mandiant): Mandiant’s APT1 Domain/MD5 Intel and Security Onion for Splunk
  14. Brad Shoop (Mandiant): Mandiant’s APT1 Domain/MD5 Intel and Security Onion with ELSA
  15. Kevin Wilcox: NSM With Bro-IDS Part 5: In-house Modules to Leverage Outside Threat Intelligence
  16. Cyb3rsleuth: Chinese Threat Actor Part 5
  17. David Bianco: The Pyramid of Pain
  18. Wesley McGrew: Mapping of Mandiant APT1 malware names to available samples
  19. Russ McRee: Toolsmith: Redline, APT1, and you – we’re all owned
  20. Jaime Blasco (AlienVault Labs): Yara rules for APT1/Comment Crew malware arsenal
  21. Brandon Dixon: Mandiant APT2 Report Lure
  22. Seculert: Spear-Phishing with Mandiant APT Report
  23. PhishMe: How PhishMe addresses the top attack method cited in Mandiant’s APT1 report
  24. Rich Mogull (Securosis): Why China's Hacking is Different
  25. China Digital Times: Netizens Gather Further Evidence of PLA Hacking

M-Unition (Mandiant) published Netizen Research Bolsters APT1 Attribution.

I'd also like to cite Verizon for their comments and mention of IOCExtractor and Symantec for publishing their indicators via Pastebin after I asked about it.

Thank you to those who took the time to share what you found when analyzing related APT1 data, or when showing how to use APT1 indicators to do detection and response.


4 comments:

Unknown said...

Hi Richard,

Thanks for listing the Secure Ideas blog on this. I just wanted to make one correction, it was not written by me (Kevin Johnson) but by Jason Wood, one of our consultants.

Thanks
Kevin

Richard Bejtlich said...

Thanks Kevin, fixed.

mzet said...

Hi Richard,

I think that publishing SSL certificates used by the APT1 malware was a great idea.

Could Mandiant release APT1 SSL certificates (from appendix F) in PEM format or at least provide fingerprints (md5, sha1) for published certificates? I would like to add capability to detect those certificates by the Nmap network scanner but to do this I need at least sha1 fingerprints. AFAIK converting certificates from text format (format in which APT1 certificates are now available) to PEM is quite complicated.

Thanks in advance.

Mariusz

Anonymous said...

And another I found useful.

http://www.joshd.ca/content/making-mandiant-apt1-intel-actionable-using-splunk

Thanks Richard