Software Engineering Institute

Investigating APT1

January 13, 2014 • Presentation

By

Deana Shick and Angela Horneman

In this presentation, the authors discuss utilizing the Internet Census 2012 data to understand how public sources tell a story about specific threat groups.

Publisher

Software Engineering Institute

Subjects

Flocon Situational Awareness

Abstract

Overall Findings:

Available unclassified data gives a snapshot in time of what APT1 was using.
APT1 uses stable, well-connected infrastructure, mostly in the US.
- Windows 2003 or XP, Linux ~2.6.32
- Mostly ISPs or hosting providers.
The APT1 infrastructure may be evolving.
Malware hashes indicate there is a much bigger network for APT1 than what was released.

Download PDF

Part of a Collection

FloCon 2014 Collection

Ask a question about this Presentation

This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.

Software Engineering Institute

Investigating APT1

January 13, 2014 • Presentation

By Deana Shick and Angela Horneman

Publisher

Subjects

Abstract

SHARE

Part of a Collection

By

Deana Shick and Angela Horneman