Cavern Manticore Malware Uses Low-Detection .NET Modules for Reconnaissance and Lateral Movement
ID: 3c05bafe-7dff-5e8d-b57b-6fdd33db51b6
STIX ID: report--3c05bafe-7dff-5e8d-b57b-6fdd33db51b6
Feed Name: GBHackers
**Executive summary:** Check Point Research attributes a newly identified Iran-linked APT, Cavern Manticore, to Iran’s Ministry of Intelligence and Security (MOIS); the group deploys a modular .NET-based C2 framework (Cavern agent and multiple mission modules) to target Israeli defense, government, and IT sectors for reconnaissance, credential harvesting, and lateral movement, using low-detection compilation techniques, victim-side proxying, and obfuscated HTTP communications—report includes technical TTPs, detection guidance, and a list of SHA-256 IOCs.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
