McAfee has recently released specific details about their analysis of the Aurora malware that was used to compromise 30+ companies over the past few months. This malware is consistent with the types of files that Enclave and other organizations that have responded to APT-based attacks have discovered. It appears to use many of the same mechanisms, and in many such cases even the same file names. A link to one of their reports on the topic can be found at:
Specifically, the hashes for the Aurora malware are:
In addition, they have identified a list of domains used by this malware that you should be blocking. The following domains have been detected as containing malicious code associated with the Aurora malware:
Thanks again to the teams at McAfee / Foundstone for releasing this data. These are the types of datasets we need to be better about sharing if we are going to be effective at stopping these directed attacks!