Friday, June 13, 2014

Detection for PutterPanda, we got this.

Recently a post by Crowdstrike was released detailing an attack being used, allegedly, by the Chinese Military "PLA Unit 61486".  The post is a great demonstration of the use of OSINT (Open Source Intelligence) to track an adversary in this increasingly digital world.

You can read Crowdstrike's post here:

Naturally, we started receiving questions if we cover one of the malware/tools mentioned in the post:

(there are others like it)

The VRT can confirm that we've had coverage for the malware/tools mentioned here, since 2012.

The Sourcefire IPS/Snort detects the outbound traffic with rules: 21240 and 21241, along with a similar variant at sid 21242.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.