Here are some commercial products that could help in identification (and possibly remediation) of APT infections:
- Mandiant Intelligent Response
- HBGary - Responder Professional
- Damballa's Failsafe Solution and APT-Audit
In this blog I would like to explore how to identify APT infections with freely available tools (like the ones from Mandiant and others) and maybe custom scripts.
Mandiant's webinar "Fresh Prints: Malware Behaving Badly" covers some details that I would like to dive into. The "Malware Rating Index" (MRI) in the free software Audit Viewer sounds interesting.
*** Disclaimer: I'm not affiliated with any of the companies linked in this blog ***