logo

Cavern Manticore Malware Uses Low-Detection .NET Modules for Reconnaissance and Lateral Movement

ID: 3c05bafe-7dff-5e8d-b57b-6fdd33db51b6

STIX ID: report--3c05bafe-7dff-5e8d-b57b-6fdd33db51b6

Feed Name: GBHackers

Threat Score
90/100

Date Published: 2026-07-07

Date Updated: 2026-07-07

Author: Mayura Kathir

...
...

**Executive summary:** Check Point Research attributes a newly identified Iran-linked APT, Cavern Manticore, to Iran’s Ministry of Intelligence and Security (MOIS); the group deploys a modular .NET-based C2 framework (Cavern agent and multiple mission modules) to target Israeli defense, government, and IT sectors for reconnaissance, credential harvesting, and lateral movement, using low-detection compilation techniques, victim-side proxying, and obfuscated HTTP communications—report includes technical TTPs, detection guidance, and a list of SHA-256 IOCs.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.