The Mandiant APT1 report contains a tremendous amount of detail about attacker techniques, indicators of compromise, and possible adversaries. Most interesting was the large amount of technical detail provided about the indicators of compromise – domain names, SSL certificates, file hashes, and more. Tenable's research team leveraged this information into a wide variety of reporting and detection tools which are now available in Nessus and SecurityCenter.
↧