I have found this post that seems to be the resume of a talk  given by an employee of Mandiant at FIRST 2011.

The text explains the steps that need to be taken to remediate  the attack and the possible scenarios that a small and a large enterprise can face. It is not meant to be a cheat-sheet but  rather the experience in the field and tactics that helped them to be successful.