Show me, don't tell me -- Opinions are my own and do not represent those of my employer

Joined November 2008
BarryV retweeted
25 Jul 2024
Don’t forget you @virustotal collection with #APT45 iocs is available here virustotal.com/gui/collectio…

BarryV retweeted
6 Jan 2023
Member Turla signing Javascript malware? Serial Number: cd:fb:13:a3:e6:49:ec:c5:df:95:db:88:ca:c1:3f:fb
BarryV retweeted
17 Apr 2024
One really cool thing we've implemented in this iteration of our graduation process is leveraging @virustotal's Collections to provide IOCS to the community for #APT44 - check those out here: virustotal.com/gui/collectio…
BarryV retweeted
12 Jul 2023
Today, Mandiant is sharing research on the GRU’s Disruptive Playbook, drawn from insights into GRU’s full-spectrum cyber operations in Ukraine over the past year. mandiant.com/resources/blog/…
BarryV retweeted
23 Jun 2023
Head of Rubrik Zero Labs @stonepwn3000 recently talked to @joetidy of @BBCNews about why it is so rare to hear about Western #CyberAttacks and hacking teams and how the narrative of who the good guys and bad guys are in cyber-space is changing 👇 rbrk.co/43WGGsd
BarryV retweeted
Really excited to see the culmination of some amazing work from some amazing people get released today. A report from @Google TAG, with contributions from friends at @Mandiant, on cyber activity related to the war in Ukraine. @t_gidwani @ShaneHuntley blog.google/threat-analysis-…

BarryV retweeted
8 Feb 2023
capa v5.0.0 is out: major improvements for .NET binary analysis, 150 new/updated rules, caching to improve performance standalone and in the IDA Pro plugin, better ELF OS detection, and a lot more. github.com/mandiant/capa/rel… VirusTotal integration updates are next!
BarryV retweeted
If you have any intel analysis or threat hunting roles, please reach out to @PhreakingGeek. You'd be hard-pressed to find anyone more passionate about chasing adversaries than he is. I am broken-hearted to have lost him, but I know he'll make a great impact on a new team.
BarryV retweeted
26 Jan 2023
We welcome @Mandiant's CAPA and GoReSym to our malware analysis suite. CAPA provides valuable TTPs, and GoReSym produces all kinds of metadata to analyse GO samples: blog.virustotal.com/2023/01/…
BarryV retweeted
#100DaysofYARA tons of tasty info can be pulled from Macho headers, especially Load commands! Let's get a generic count of LOAD_DYLIB commands to quantify the amount of external libraries that are used - no idea if any # is suspicious github.com/100DaysofYARA/202…
BarryV retweeted
Mandiant Blog - Turla: A Galaxy of Opportunity mandiant.com/resources/blog/… This is Mandiant’s first observation of suspected Turla targeting Ukrainian entities since the onset of the invasion.
In September 2022 Mandiant Managed Defense detected data staging and exfiltration at a Ukrainian organization. Digging into this incident, we discovered QUIETCANARY (aka Tunnus), a suspected Turla Team backdoor, was the source.
BarryV retweeted
What's the technical term for when you've absorbed so much technical debt you're spending all your time addressing support issues rather than building?
BarryV retweeted
16 Dec 2022
If we’re gonna haggle/argue over terminology can it please be thrunt.
BarryV retweeted
the elites don’t want you to know this, but this is actually sandworm
BarryV retweeted
15 Dec 2022
Likely Russian actor distributed trojaned copies of Windows OS: mandiant.com/resources/blog/…

BarryV retweeted
Mandiant observed a POORTRY sample signed with a Microsoft Windows Hardware Compatibility Authenticode signature. Further analysis led to a larger investigation into malicious drivers signed via the Windows Hardware Compatibility Program. 😱🌶️🔥 mandiant.com/resources/blog/…

BarryV retweeted
13 Dec 2022
New from @SentinelOne and @Mandiant: Targeted Attacks Leverage Signed Malicious Microsoft Drivers: 🟣 s1.ai/signed-ms 🟣 mandiant.com/resources/blog/…
9 Dec 2022
2013 - "Has anyone checked Mandiant's attribution?" 2015 - "Russians hacked DNC?! Crowdstrike is running a false flag!" 2016 - "Butter e-mails! They're drinking baby adrenaline!" 2018 - "The Ukrainians hacked the DNC! Where's the server?!" 2020 - "ORANGE CHEETO IS MY GOD"
9 Dec 2022
10th anniversary of Mandiant APT1 report Cyber-truther to Qanon evolution begins