Recently a post by Crowdstrike was released detailing an attack being used, allegedly, by the Chinese Military "PLA Unit 61486".  The post is a great demonstration of the use of OSINT (Open Source Intelligence) to track an adversary in this increasingly digital world.

You can read Crowdstrike's post here:

Naturally, we started receiving questions if we cover one of the malware/tools mentioned in the post:
 (there are others like it)

The VRT can confirm that we've had coverage for the malware/tools mentioned here, since 2012.

The Sourcefire IPS/Snort detects the outbound traffic with rules: 21240 and 21241, along with a similar variant at sid 21242.