Cavern Manticore: New Iranian C2 Framework Targets Israeli Organizations
ID: d9bd6146-d293-5a31-8584-8b0048bfd25f
STIX ID: report--d9bd6146-d293-5a31-8584-8b0048bfd25f
Feed Name: ThreatCluster
Threat Score
Check Point Research identified "Cavern," a modular .NET-based command-and-control framework used by the Iranian APT group Cavern Manticore to target Israeli IT providers and government sectors; attackers trojanize SysAid software updates to deploy a Cavern Agent that connects to C2 servers to download modules for reconnaissance, data theft, and lateral movement, and the framework uses multiple .NET compilation formats as an anti-analysis layer.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
