Don’t forget you @virustotal collection with #APT45 iocs is available here

Member Turla signing Javascript malware? Serial Number: cd:fb:13:a3:e6:49:ec:c5:df:95:db:88:ca:c1:3f:fb

One really cool thing we've implemented in this iteration of our graduation process is leveraging @virustotal's Collections to provide IOCS to the community for #APT44 - check those out here: https://t.co/dGyXd8QWh0

First blog post in the books!

Today, Mandiant is sharing research on the GRU’s Disruptive Playbook, drawn from insights into GRU’s full-spectrum cyber operations in Ukraine over the past year. https://t.co/ym9Oeb4tmj

Head of Rubrik Zero Labs @stonepwn3000 recently talked to @joetidy of @BBCNews about why it is so rare to hear about Western #CyberAttacks and hacking teams and how the narrative of who the good guys and bad guys are in cyber-space is changing 👇

Really excited to see the culmination of some amazing work from some amazing people get released today. A report from @Google TAG, with contributions from friends at @Mandiant, on cyber activity related to the war in Ukraine. @t_gidwani @ShaneHuntley https://t.co/hsY2xUg9CX

capa v5.0.0 is out: major improvements for .NET binary analysis, 150 new/updated rules, caching to improve performance standalone and in the IDA Pro plugin, better ELF OS detection, and a lot more. https://t.co/lzWP1SEZcB VirusTotal integration updates are next!

If you have any intel analysis or threat hunting roles, please reach out to @PhreakingGeek. You'd be hard-pressed to find anyone more passionate about chasing adversaries than he is. I am broken-hearted to have lost him, but I know he'll make a great impact on a new team.

We welcome @Mandiant's CAPA and GoReSym to our malware analysis suite. CAPA provides valuable TTPs, and GoReSym produces all kind of metadata to analyse GO samples: https://t.co/3jYUfIf1Zv

#100DaysofYARA tons of tasty info can be pulled from Macho headers, especially Load commands! Lets get a generic count of LOAD_DYLIB commands to quantify the amount of external libraries are used - no idea if any # is suspicious https://t.co/7L9dGfAjxb

Member Turla signing Javascript malware? Serial Number: cd:fb:13:a3:e6:49:ec:c5:df:95:db:88:ca:c1:3f:fb

Mandiant Blog - Turla: A Galaxy of Opportunity https://t.co/Alh37xmdmv This is Mandiant’s first observation of suspected Turla targeting Ukrainian entities since the onset of the invasion.

What's the technical term for when you've absorbed so much technical debt you're spending all your time addressing support issues rather building?

If we’re gonna haggle/argue over terminology can it please be thrunt.

the elites don’t want you to know this, but this is actually sandworm

Likely Russian actor distributed trojaned copies of Windows OS:

Mandiant observed a POORTRY sample signed with a Microsoft Windows Hardware Compatibility Authenticode signature. Further analysis led to a larger investigation into malicious drivers signed via the Windows Hardware Compatibility Program. 😱🌶️🔥 https://t.co/XFhESLLWxV

New from @SentinelOne and @Mandiant: Targeted Attacks Leverage Signed Malicious Microsoft Drivers: 🟣 https://t.co/qGL5uN9Kdy 🟣

10th anniversary of Mandiant APT1 report Cyber-truther to Qanon evolution begins