Readme for IOCs to accompany FireEye blog and other public posts.
https://github.com/mandiant/iocs
IOCs in this repository are provided under the Apache 2.0 license.

Read more about the OpenIOC format in FireEye's blog post:
https://www.mandiant.com/resources/openioc-basics

Read more about the groups and what these indicators mean in FireEye's blog posts about them:

# APT12 — Darwin’s Favorite APT Group
http://www.fireeye.com/blog/technical/botnet-activities-research/2014/09/darwins-favorite-apt-group-2.html

# APT17 - Hiding in Plain Sight: FireEye and Microsoft Expose Chinese APT Group’s Obfuscation Tactic
https://www.fireeye.com/blog/threat-research/2015/05/hiding_in_plain_sigh.html

# APT18 - Demonstrating Hustle
https://www.fireeye.com/blog/threat-research/2015/07/demonstrating_hustle.html

# APT30 - Mechanics of a Long-Running Cyber Espionage Operation
https://www.fireeye.com/blog/threat-research/2015/04/apt_30_and_the_mecha.html

# FIN4 - Hacking The Street: FIN4 Likely Playing the Market
https://www.fireeye.com/blog/threat-research/2014/11/fin4_stealing_insid.html