Void Manticore Destructive Activities in Israel
May 21, 2024, 4:07 p.m.
Description
This analysis details the destructive operations carried out by the Iranian threat actor Void Manticore, also known as Storm-842, against Israeli organizations. The group utilizes various techniques, including custom wipers for Windows and Linux, manual file deletion, and partition table corruption. Their activities involve leaking exfiltrated data through online personas like 'Karma' and are characterized by politically charged messaging, such as naming their wipers after Israeli Prime Minister Benjamin Netanyahu. Void Manticore's operations exhibit coordination with another Iranian actor, Scarred Manticore (Storm-861), suggesting target handoffs between the two groups.
Date
Published: May 20, 2024, 4:35 p.m.
Created: May 20, 2024, 4:35 p.m.
Modified: May 21, 2024, 4:07 p.m.
Attack Patterns
Cl Wiper
BiBi Wiper
Void Manticore
T1609
T1490
T1583
T1505
T1489
T1486
T1564
T1547
T1499
T1485
Additional Information
Albania
Israel