[threat-actors] Add Void Manticore

2024-05-21 06:56:41 -07:00 · 2024-05-21 06:56:41 -07:00 · e17f2eda0c
parent 754a9b08f8
commit e17f2eda0c
1 changed files with 11 additions and 0 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -15966,6 +15966,17 @@
      },
      "uuid": "0558bc64-21d9-43e4-8b12-18172d9b5c7d",
      "value": "CiberInteligenciaSV"
+    },
+    {
+      "description": "Void Manticore is an Iranian APT group affiliated with MOIS, known for conducting destructive wiping attacks and influence operations. They collaborate with Scarred Manticore, sharing targets and conducting disruptive operations using custom wipers. Void Manticore's TTPs involve manual file deletion, lateral movement via RDP, and the deployment of custom wipers like the BiBi wiper. The group utilizes online personas like 'Karma' and 'Homeland Justice' to leak information and amplify the impact of their attacks.",
+      "meta": {
+        "country": "IR",
+        "refs": [
+          "https://research.checkpoint.com/2024/bad-karma-no-justice-void-manticore-destructive-activities-in-israel/"
+        ]
+      },
+      "uuid": "53ac2695-35ba-4ab2-a5cd-48ca533f1b72",
+      "value": "Void Manticore"
    }
  ],
  "version": 308