Void Manticore Destructive Activities in Israel

May 21, 2024, 4:07 p.m.

Description

This analysis details the destructive operations carried out by the Iranian threat actor Void Manticore, also known as Storm-842, against Israeli organizations. The group utilizes various techniques, including custom wipers for Windows and Linux, manual file deletion, and partition table corruption. Their activities involve leaking exfiltrated data through online personas like 'Karma' and are characterized by politically charged messaging, such as naming their wipers after Israeli Prime Minister Benjamin Netanyahu. Void Manticore's operations exhibit coordination with another Iranian actor, Scarred Manticore (Storm-861), suggesting target handoffs between the two groups.

Date

Published: May 20, 2024, 4:35 p.m.
Created: May 20, 2024, 4:35 p.m.
Modified: May 21, 2024, 4:07 p.m.

Attack Patterns

Cl Wiper

BiBi Wiper

Void Manticore

T1609

T1490

T1583

T1505

T1489

T1486

T1564

T1547

T1499

T1485

Additional Information

Albania

Israel