AlienVault and Kaspersky have released a whitepaper entitled “Operation ‘Red October’: Indicators of Compromise and Mitigation Data.”
The whitepaper contains background information, indicators of compromise, command and control domains, the IP addresses utilized in the attack, a list of passwords and community names used to attack network devices, network traffic details, RC4 encryption keys, and data on the vulnerabilities exploited in the campaign.
The security firms also provide an OpenIOC file that system administrators can use to check their systems for signs of the cyber espionage operation.
In the meantime, Kaspersky has revealed that the attackers have started shutting down their command and control infrastructure.
“Operation ‘Red October’: Indicators of Compromise and Mitigation Data” is available here.