By using Mandiant’s Redline tool, I’ve identified three of the seven new samples that VirusShare has just added:
- GLOOXMAIL - 3de1bd0f2107198931177b2b23877df4
- BISCUIT - 12f25ce81596aeb19e75cc7ef08f3a38
- TARSIP-MOON - bd02b41817d227058522cca40acd390
This week marks the first week that I have integrated APT1 samples into the graded practical exercises in the Reverse Engineering class I teach at Mississippi State University. The use of real-world malware attributed to state-sponsored actors in my classroom has been the focus of some recent positive media attention. If you’re interested in following along, this is the assignment my students are working on this week:
The students have been excited about applying what they’ve learned to malicious software that’s been making headlines recently. Most of the APT1 samples are easy enough to analyze to be good exercise material for the students at this point in their reverse-engineering education, and it’s interesting to look at the software that’s been responsible for the theft of so much information. I’m very impressed with my students’ progress so far, and I hope they’re enjoying getting their hands dirty this week.