Fast and Furious – Nimbus Manticore Operations During the Iranian Conflict

Nimbus Manticore, an IRGC-affiliated APT, resurfaced during Operation Epic Fury (Feb–Apr 2026) using career-themed phishing, a trojanized Zoom installer, and SEO-poisoned fake SQL Developer sites to deploy a new backdoor called MiniFast (evolving from MiniJunk). The report details AppDomain Hijacking and scheduled-task hijacking infection chains, AI-assisted malware development indicators, MiniFast's JSON/C2 protocol and opcode-based tasking, targeted victimology (aviation, software, defense across US, Europe, Middle East), and provides numerous IOCs (SHA256 hashes and malicious domains).