Recently a post by Crowdstrike was released detailing an attack being used, allegedly, by the Chinese Military "PLA Unit 61486". The post is a great demonstration of the use of OSINT (Open Source Intelligence) to track an adversary in this increasingly digital world.
You can read Crowdstrike's post here:
Naturally, we started receiving questions about whether we cover one of the malware/tools mentioned in the post:
(there are others like it)
The VRT can confirm that we've had coverage for the malware/tools mentioned here, since 2012.
The Sourcefire IPS/Snort detects the outbound traffic with SIDs 21240 and 21241, along with a similar variant at SID 21242.
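A quick way to confirm those three SIDs are actually present and enabled in a deployed ruleset, as an added example that is not part of the original post or the VRT's own tooling; the rules text below is constructed with placeholder bodies (only the SID numbers come from the post), and a real deployment would read the local rules file instead:

```python
import re
from typing import Dict

# SIDs named in the post: 21240 and 21241, plus the variant 21242.
TARGET_SIDS = {21240, 21241, 21242}

# Constructed sample of a Snort rules file for this example; the rule bodies
# are placeholders, not the real VRT rule text. SID 21242 is commented out.
SAMPLE_RULES = """\
# placeholder rules file (constructed for this example)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"PLACEHOLDER rule A"; sid:21240; rev:3;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"PLACEHOLDER rule B"; sid:21241; rev:2;)
# alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"PLACEHOLDER variant"; sid:21242; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PLACEHOLDER unrelated"; sid:1000001; rev:1;)
"""

# Matches the "sid:<number>;" option inside a rule body.
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")


def rule_states(rules_text: str) -> Dict[int, str]:
    """Map every SID found in a rules file to 'enabled' or 'disabled'.

    A rule line beginning with '#' is treated as disabled, which is how
    Snort rulesets conventionally switch individual rules off.
    """
    states: Dict[int, str] = {}
    for line in rules_text.splitlines():
        stripped = line.strip()
        match = SID_RE.search(stripped)
        if not stripped or not match:
            continue  # blank line, plain comment, or line without a sid option
        sid = int(match.group(1))
        states[sid] = "disabled" if stripped.startswith("#") else "enabled"
    return states


def coverage_report(rules_text: str, targets=TARGET_SIDS) -> Dict[int, str]:
    """Return {sid: 'enabled' | 'disabled' | 'missing'} for the SIDs of interest."""
    states = rule_states(rules_text)
    return {sid: states.get(sid, "missing") for sid in sorted(targets)}


if __name__ == "__main__":
    # To check a live deployment, replace SAMPLE_RULES with the contents of your rules file.
    for sid, state in coverage_report(SAMPLE_RULES).items():
        print(f"sid {sid}: {state}")
```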