Irregular Expressions

Feb 20 2013   10:01PM GMT

Unit 61398 – Part 3

Dan O'Connor

If you are able to use YARA rules, you can get an APT1-specific set here. The posting has instructions on how you can leverage them.

Now back to the video.

They do point it out during the video, but if you look around 1:20 you can see the alert at the top from Gmail that someone has logged in to the account from a China IP. This part does not feel right to me. I wonder if it is being careless, not caring, or something else is going on.
With everything that this account is used for, why would you log in to it with your own IP address? I just don’t know why in the world you would set up an account like this then log in to it from home? I almost think it was an accident by the attacker.
