From e17f2eda0c7e7bf84e4b84ab3f94633299f646a0 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Tue, 21 May 2024 06:56:41 -0700
Subject: [PATCH] [threat-actors] Add Void Manticore

---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 70ae18d9..b6062def 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -15966,6 +15966,17 @@
       },
       "uuid": "0558bc64-21d9-43e4-8b12-18172d9b5c7d",
       "value": "CiberInteligenciaSV"
+    },
+    {
+      "description": "Void Manticore is an Iranian APT group affiliated with MOIS, known for conducting destructive wiping attacks and influence operations. They collaborate with Scarred Manticore, sharing targets and conducting disruptive operations using custom wipers. Void Manticore's TTPs involve manual file deletion, lateral movement via RDP, and the deployment of custom wipers like the BiBi wiper. The group utilizes online personas like 'Karma' and 'Homeland Justice' to leak information and amplify the impact of their attacks.",
+      "meta": {
+        "country": "IR",
+        "refs": [
+          "https://research.checkpoint.com/2024/bad-karma-no-justice-void-manticore-destructive-activities-in-israel/"
+        ]
+      },
+      "uuid": "53ac2695-35ba-4ab2-a5cd-48ca533f1b72",
+      "value": "Void Manticore"
     }
   ],
   "version": 308