“APT” is a term created by the U.S. Air Force to describe Chinese threat actors.
The most common case where term APT is used is a targeted attack. Most of which are done via spoofed email messages. Most of which contain booby-trapped document attachments. Most of which show some actual content to the victim in order to fool him to believe the document was actually useful.
Which is why it’s interesting to look at the documents, as they quite often tell us more about the attackers and the victims.
Here are some recent examples of malicious document files used in APT attacks. All of these were received anonymously via sample feeds and scanner aggregationers, so we don’t know who were the real targets.
All of the above document files contain an exploit and drop a backdoor when viewed.
These files are blocked by F-Secure Antivirus.
Here are the SHA1 hashes of these samples:
On 18/07/12 At 03:06 PM