The Mandiant Intelligence Validation Research Team (VRT) has published VHR20251209 - Content Expansion. This content pack requires Director version 4.12.1.0-0 or higher.
If you’ve enabled the Content Service, this content pack will automatically download and be applied to your Director. Otherwise, you can download the security content pack from the Mandiant Documentation Portal.
Summary of Changes
- 7 Actions added
- 6 Files added
Release Highlights
- A new Action covering CVE-2025-55182, a Deserialization of Untrusted Data vulnerability that allows a remote attacker to execute arbitrary code.
- New Actions covering SNOWLIGHT, a downloader written in C.
- New Actions for XMRIG, a cryptocurrency miner written in C++ that supports multiple mining algorithms including RandomX, KawPow, CryptoNight, and AstroBWT.
For full details on this release, see the Release Notes on the Mandiant Documentation Portal.