APT1: Additional Comment Crew Indicators of Compromise

Created: 22 Feb 2013 18:18:54 GMT • Updated: 23 Jan 2014 18:09:27 GMT • Translations available: 日本語
Symantec Security Response

Mandiant recently released a document containing indicators of compromise (IOCs) related to multiple espionage campaigns by a group known as the Comment Crew. Symantec has been actively tracking this group for six years while maintaining our own database of indicators. From our investigations we have collected thousands of indicators related to Comment Crew.

To help increase public awareness, we have decided to release hundreds of Comment Crew indicators in addition to those already released. These are indicators that have been seen within the past year.

Symantec products already protect against the artifacts related to these indicators and many of these artifacts have already been shared with the security community.

You can find these indicators in the following paper: Comment Crew Indicators of Compromise and on Pastebin.

Update [February 25, 2013] – The paper now also includes a list of associated MD5 hashes.