VHR20250115 - January 15, 2025
The Mandiant Intelligence Validation Research Team (VRT) has published VHR20250115 - Content Expansion. This content pack requires Director version 4.12.1.0-0 or higher.
If you’ve enabled the Content Service, this content pack will automatically download and be applied to your Director. Otherwise, you can download the security content pack from the Mandiant Documentation Portal.
Summary of Changes
- 10 Actions added
- 8 Files added
Release Highlights
- New Actions demonstrating malware identified in an ongoing campaign targeting vulnerable Ivanti Connect Secure VPN appliances. This campaign involves the exploitation of a zero-day vulnerability, as detailed in Google Cloud's Threat Intelligence report "Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation".
- New Actions demonstrating Campaign 24-073, a financially motivated campaign distributing infostealer malware via fake software installers.
For full details on this release, see the Release Notes on the Mandiant Documentation Portal.