logo

Cavern Manticore: New Iranian C2 Framework Targets Israeli Organizations

ID: d9bd6146-d293-5a31-8584-8b0048bfd25f

STIX ID: report--d9bd6146-d293-5a31-8584-8b0048bfd25f

Feed Name: ThreatCluster

Threat Score
90/100

Date Published: 2026-07-06

Date Updated: 2026-07-07

...
...

Check Point Research identified "Cavern," a modular .NET-based command-and-control framework used by the Iranian APT group Cavern Manticore to target Israeli IT providers and government sectors; attackers trojanize SysAid software updates to deploy a Cavern Agent that connects to C2 servers to download modules for reconnaissance, data theft, and lateral movement, and the framework uses multiple .NET compilation formats as an anti-analysis layer.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.