Friday, June 13, 2014

Detection for PutterPanda, we got this.

Crowdstrike recently published a post detailing an attack campaign attributed, allegedly, to the Chinese military's "PLA Unit 61486". The post is a good demonstration of using OSINT (Open Source Intelligence) to track an adversary in an increasingly digital world.

You can read Crowdstrike's post here:
http://www.crowdstrike.com/blog/hat-tribution-pla-unit-61486/index.html

Naturally, we started receiving questions about whether we cover one of the malware samples/tools mentioned in the post, identified by this MD5 hash:
15cae06fe5aa9934f96895739e38ca26

(there are others like it)

The VRT can confirm that we have had coverage for the malware/tools mentioned in the post since 2012.

Sourcefire IPS/Snort detects the outbound (command-and-control) traffic with SIDs 21240 and 21241; a similar variant is covered by SID 21242.
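Having coverage in the ruleset only helps if those SIDs are actually present and enabled on the sensor. The following shell script is an added example (not part of the original post and not VRT code) that audits a Snort 2.x rules file for a list of SIDs and reports each as enabled, disabled (commented out) or missing. The sample ruleset it creates is constructed for demonstration with placeholder rule bodies; only the SID numbers come from the post, and the real rule contents are not reproduced here.

```shell
#!/bin/sh
# Added example, not from the original post or the VRT: audit whether given
# Snort SIDs are present and enabled in a rules file.
# Assumes Snort 2.x rule syntax: one rule per line, a "sid:NNNN;" option,
# and a leading '#' meaning the rule is disabled.

# check_sid_status FILE SID -> prints one of: enabled | disabled | missing
check_sid_status() {
  file=$1
  sid=$2
  # Bound "sid:NNNN;" on both sides so 21240 does not match 212400 or 121240.
  pat="[[:space:](;]sid:[[:space:]]*${sid}[[:space:]]*;"
  if grep -Eq "^[[:space:]]*(alert|drop|log|pass|reject|sdrop)[[:space:]].*${pat}" "$file"; then
    echo enabled
  elif grep -Eq "^[[:space:]]*#.*${pat}" "$file"; then
    echo disabled
  else
    echo missing
  fi
}

# audit_sids FILE SID... -> prints "SID status" per SID; returns 1 if any SID is not enabled
audit_sids() {
  file=$1
  shift
  rc=0
  for sid in "$@"; do
    status=$(check_sid_status "$file" "$sid")
    echo "$sid $status"
    [ "$status" = enabled ] || rc=1
  done
  return $rc
}

# Constructed sample ruleset for demonstration only. The rule bodies are
# placeholders, not the real VRT rules for these SIDs; 21242 is deliberately
# commented out here to show the "disabled" case.
SAMPLE_RULES=$(mktemp)
cat > "$SAMPLE_RULES" <<'EOF'
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"PLACEHOLDER rule A"; flow:to_server,established; content:"placeholder-a"; sid:21240; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"PLACEHOLDER rule B"; flow:to_server,established; content:"placeholder-b"; sid:21241; rev:1;)
# alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"PLACEHOLDER rule C, disabled in this sample"; content:"placeholder-c"; sid:21242; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"PLACEHOLDER unrelated rule"; content:"other"; sid:212400; rev:1;)
EOF

# Real use would point at the deployed rules file (path is an assumption), e.g.:
#   audit_sids /etc/snort/rules/malware-cnc.rules 21240 21241 21242
audit_sids "$SAMPLE_RULES" 21240 21241 21242 || echo "one or more SIDs are not enabled"
```

Run it against each rules file the sensor loads (and check `threshold.conf` / suppression lists separately, since a rule can be enabled yet suppressed for the relevant hosts). On a multi-file deployment, loop over the rules directory or concatenate the files before calling `audit_sids`.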
