The Mandiant Intelligence Validation Research Team (VRT) has published VHR20260306 - Content Expansion. This content pack requires Director version 4.14.1.0-0 or higher.

If you’ve enabled the Content Service, this content pack will automatically download and be applied to your Director. Otherwise, you can download the security content pack from the Mandiant Documentation Portal.

Summary of Changes

• 382 Actions added
• 231 Files added

Release Highlights

• New Actions covering UNC3313, an Iran-nexus cyber espionage group observed targeting Middle Eastern government, telecommunications, and technology entities.
• New Actions covering UNC1549, a suspected Iranian cyber espionage cluster targeting energy, government, and defense sectors primarily in Saudi Arabia and the United Arab Emirates.
• New Actions covering APT42, an Iranian state-sponsored cyber espionage group tasked with conducting information collection and surveillance operations against individuals and organizations of strategic interest to the Iranian Government.
• New Actions covering UNC5866, a suspected Iran-nexus threat actor performing hacktivism and malware delivery campaigns.
• New Actions covering UNC5667, a suspected subcluster of the Iranian espionage actor UNC3313 primarily conducting custom malware deployment operations via spearphishing.
• New Actions covering UNC6085, a suspected Iranian cluster conducting surveillance and monitoring operations against the Iranian diaspora, activists, journalists, and the education sector, and leveraging the Telegram-based HEAVYGRAM backdoor.

For full details on this release, see the Release Notes on the Mandiant Documentation Portal.