jonathant1 at July 28, 2017: Interesting video, but I am unsure about how Mandiant (now FireEye) was able to capture "dota's" session while he was controlling remote victims. Fortunately, a PDF report for APT1 is still available on the internet and can be found at https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf.
I will definitely be reviewing the report to get familiar with the various tools used in the video.
cmassey at July 28, 2017: I think I may have missed the context on how the video was obtained (like a red-team simulation, or another kind of demonstration). Regardless, this video just goes to show that the weakest link is always the one between the keyboard and the chair.
cmarti at September 01, 2017: IP address to the backdoor using a command shell. Using the backdoor on the C2 interface and its commands, the APT 1 actor using IP addresses hosted on websites. With the allowance of stolen files on the web, this would speak about this compromise. Stealing files, RAR files on LightBolt for sharing files, is something to learn about with this video.
fsalzaabi at September 04, 2017: The large number of tools available today makes it easy for any determined person to hack today. Nonetheless, it is a very informative video. However, I am really interested to know how this live capture was acquired.
gwlong at September 05, 2017: This raises questions about the responsibility of Google to filter out these sorts of users. For example, the user lists their home country as the US but their phone number as Chinese; you would think this would prompt further investigative measures by Google. On top of this, I am also wondering how the live stream video of these attacks was obtained. These attack methods don't seem to be extremely advanced, relying mostly on spear phishing and vulnerable exposed open services like FTP. I know Google has some threat detection filtering services on its email services for incoming messages, but this makes me wonder if Google monitors outgoing mail with the same scrutiny; this again raises questions about the culpability of Google in these instances.