This morning I identified a PDF with the name “Mandiant_APT2_Report.pdf” uploaded from India and was using a lure different than what Symantec just reported on. The file is password protected following the theme Xecure and myself had seen last year.

Mandiant_APT2_Report.pdf

MD5: 14a6e24977ff6e7e8a8661aadfa1a1f3

SHA-1: b4f7f52ac65aa1932405b2b243104acdf872f4b6

SHA-256: 2b192eeacc39d66cbca83a398bdc104d7f4f57c7d598ce6894039f193e94d23eThe