APT1: Additional Comment Crew Indicators of Compromise
Mandiant recently released a document containing indicators of compromise (IOCs) related to multiple espionage campaigns by a group known as the Comment Crew. Symantec has been actively tracking this group for six years while maintaining our own database of indicators. From our investigations we have collected thousands of indicators related to Comment Crew.
To help increase public awareness, we have decided to release hundreds of Comment Crew indicators in addition to those already released. These indicators have all been seen within the past year.
Symantec products already protect against the artifacts related to these indicators, and many of these artifacts have already been shared with the security community.
Update [February 25, 2013] – The paper now also includes a list of associated MD5 hashes.