Update 2014-01-17 I'm updating this post to include a slightly revised version of the Pyramid. The only real change I made was that I added a new level for hashes. I also updated the text to account for this. On February 18th, Mandiant put a major hole in the APT intelligence dam when they released their APT1 report profiling a group commonly referred to as Comment Crew. There followed a small