Mandiant observed a POORTRY sample signed with a Microsoft Windows Hardware Compatibility Authenticode signature. Further analysis led to a larger investigation into malicious drivers signed via the Windows Hardware Compatibility Program. 😱🌶️🔥 mandiant.com/resources/blog…

New from SentinelOne and Mandiant (part of Google Cloud): Targeted Attacks Leverage Signed Malicious Microsoft Drivers: 🟣 s1.ai/signed-ms 🟣 mandiant.com/resources/blog…

the elites don’t want you to know this, but this is actually sandworm

Likely Russian actor distributed trojaned copies of Windows OS: mandiant.com/resources/blog…

If we’re gonna haggle/argue over terminology can it please be thrunt.

What's the technical term for when you've absorbed so much technical debt you're spending all your time addressing support issues rather building?

Mandiant Blog - Turla: A Galaxy of Opportunity mandiant.com/resources/blog… This is Mandiant’s first observation of suspected Turla targeting Ukrainian entities since the onset of the invasion.

Member Turla signing Javascript malware? Serial Number: cd:fb:13:a3:e6:49:ec:c5:df:95:db:88:ca:c1:3f:fb

#100DaysofYARA tons of tasty info can be pulled from Macho headers, especially Load commands! Lets get a generic count of LOAD_DYLIB commands to quantify the amount of external libraries are used - no idea if any # is suspicious github.com/100DaysofYARA/…

We welcome Mandiant (part of Google Cloud)'s CAPA and GoReSym to our malware analysis suite. CAPA provides valuable TTPs, and GoReSym produces all kind of metadata to analyse GO samples: blog.virustotal.com/2023/01/mandia…

If you have any intel analysis or threat hunting roles, please reach out to @PhreakingGeek. You'd be hard-pressed to find anyone more passionate about chasing adversaries than he is. I am broken-hearted to have lost him, but I know he'll make a great impact on a new team.

capa v5.0.0 is out: major improvements for .NET binary analysis, 150 new/updated rules, caching to improve performance standalone and in the IDA Pro plugin, better ELF OS detection, and a lot more. github.com/mandiant/capa/… VirusTotal integration updates are next!

Really excited to see the culmination of some amazing work from some amazing people get released today. A report from Google TAG, with contributions from friends at Mandiant (part of Google Cloud), on cyber activity related to the war in Ukraine. Toni Gidwani Shane Huntley blog.google/threat-analysi…

Head of Rubrik Zero Labs @stonepwn3000 recently talked to Joe Tidy BBC News of BBC News (UK) about why it is so rare to hear about Western #CyberAttacks and hacking teams and how the narrative of who the good guys and bad guys are in cyber-space is changing 👇 rbrk.co/43WGGsd

Today, Mandiant is sharing research on the GRU’s Disruptive Playbook, drawn from insights into GRU’s full-spectrum cyber operations in Ukraine over the past year. mandiant.com/resources/blog…

First blog post in the books! mandiant.com/resources/blog…

One really cool thing we've implemented in this iteration of our graduation process is leveraging VirusTotal's Collections to provide IOCS to the community for #APT44 - check those out here: virustotal.com/gui/collection…

Don’t forget you VirusTotal collection with #APT45 iocs is available here virustotal.com/gui/collection…