The Mandiant Intelligence Validation Research Team (VRT) has published VHR20250917 - Content Expansion. This content pack requires Director version 4.12.1.0-0 or higher.
If you’ve enabled the Content Service, this content pack will automatically download and be applied to your Director. Otherwise, you can download the security content pack from the Mandiant Documentation Portal.
Summary of Changes
- 41 Actions added
- 35 Files added
- 27 Actions updated
Release Highlights
- New Actions demonstrating Campaign 25-042, a campaign by the North Korean actor UNC1069 that uses advanced social engineering and deepfakes to deploy macOS malware for cryptocurrency theft.
- New Actions demonstrating Campaign 25-044, a China-nexus espionage campaign targeting legal services and software companies in the United States via the deployment of BRICKSTORM and SLAYSTYLE and reconnaissance with AZUREHOUND.
- New Actions demonstrating Campaign 25-045, an opportunistic campaign by UNC6186 delivering LUMMAC.V2.
- New Actions demonstrating Campaign 25-049, a campaign by the financially motivated actor UNC6345 targeting the education and construction & engineering industries in the United States, leveraging credential harvesting and MFA interception techniques to access and alter direct deposit information.
For full details on this release, see the Release Notes on the Mandiant Documentation Portal.