Building on the initial research you did on your APT group last week, for this week's discussion, I want you to familiarize yourself with the Lockheed Martin "Cyber Kill Chain" and then identify your APT group's tools, techniques, and procedures (TTPs) for the Exploitation, Installation, and Command and Control phases. 1) What Indicators of Compromise (IOCs) would suggest that this adversary is present on a network? 2) What techniques or tools are they using to evade detection by host-based detection products? What techniques or tools are they using to evade network-based detection? 3) Assuming you work in an affected company's incident response/network defense team, what steps would you take to remediate and mitigate the threat? Note: posting that you would improve security awareness/education training does NOT remediate against an on-going operation and as such, I won't provide credit if I see this answer posted. Ditto with a posting that says use vendor X's product (Falcon View, etc.). 4) How would you present the case to your management that the APT group is on the network and would it matter to the company whether the threat was coming from a suspect state-sponsored actor? If so/not, explain. My expectation for this post is that you will use multiple APT reports to identify such indicators, so I'll expect to see references from multiple cyber security vendors' reporting in your citations. Note that the same group could be called something different by a different cyber security vendor, so I'll provide you with this Google Group page as a starting point to help you identify other names for your APT actors: