"APT" is a term created by the U.S. Air Force to describe Chinese threat actors.

The most common case where the term APT is used is a targeted attack. Most of which are done via spoofed email messages. Most of which contain booby-trapped document attachments. Most of which show some actual content to the victim in order to fool him into believing the document was actually useful.

Which is why it's interesting to look at the documents, as they quite often tell us more about the attackers and the victims.

Here are some recent examples of malicious document files used in APT attacks. All of these were received anonymously via sample feeds and scanner aggregators, so we don't know who the real targets were.

All of the above document files contain an exploit and drop a backdoor when viewed.

These files are blocked by F-Secure Antivirus.

Here are the SHA1 hashes of these samples:

e812d3f464b7ded8b5580ea2e55497046882b684

On 18/07/12 At 03:06 PM