APT1: Additional Comment Crew Indicators of Compromise

Mandiant recently released a document containing indicators of compromise (IOCs) related to multiple espionage campaigns by a group known as the Comment Crew. Symantec has been actively tracking this group for six years while maintaining our own database of indicators. From our investigations we have collected thousands of indicators related to Comment Crew.

To help increase public awareness, we have decided to release hundreds of additional Comment Crew indicators to those already released. These are indicators that have been seen within the past year.

Symantec products already protect against the artifacts related to these indicators and many of these artifacts have already been shared with the security community.

You can find these indicators in the following paper: Comment Crew Indicators of Compromise.

Update [February 25, 2013] – Paper now also includes list of associated MD5 hashes.