Cavern Manticore Unmasked: Inside Iran-Linked Malware Framework Targeting Israeli Government and IT Networks
Check Point researchers have uncovered Cavern Manticore, an advanced Iran-linked cyber espionage operation using a stealthy modular .NET command-and-control framework to infiltrate Israeli government and IT organizations through trusted supplier networks.
Xcademia Team
Xcademia Research Team

Cavern Manticore: Exposing an Advanced Iran-Linked Cyber Espionage Framework
Cybersecurity researchers at Check Point Research (CPR) have revealed a sophisticated modular command-and-control (C2) framework known as Cavern, operated by the Iran-linked threat actor Cavern Manticore. The campaign primarily targets Israeli government agencies, IT providers, and organizations connected to critical supplier ecosystems.
The newly discovered framework demonstrates a significant evolution in Iranian cyber operations, combining advanced stealth techniques, modular architecture, anti-analysis capabilities, and supply-chain compromise tactics to maintain long-term access within victim environments.
According to CPR, Cavern Manticore shares technical and operational overlaps with Iranian intelligence-linked threat groups including MuddyWater and Lyceum, both previously associated with Iran's Ministry of Intelligence and Security (MOIS).
A Modular Framework Built for Long-Term Intrusions
At its core, Cavern is a post-exploitation framework designed to give operators flexibility after gaining access to a target environment.
Unlike traditional malware that bundles all capabilities into a single payload, Cavern separates its functions into specialized modules that can be deployed as needed.
The framework consists of:
Module | Function |
|---|---|
Cavern Agent | Core backdoor and orchestration component |
Communication Module | HTTPS and WebSocket communications |
File Manager | File operations and credential decryption |
SQL Browser | Database access and manipulation |
LDAP Module | Active Directory reconnaissance |
Network Module | Network scanning and SMB operations |
Tunnel Module | SOCKS5 proxy and WebSocket tunneling |
This modular design allows attackers to minimize their footprint while loading only the tools required for a specific mission.

How Cavern Gains Access
Researchers observed several attacks beginning with the abuse of legitimate Remote Monitoring and Management (RMM) software already deployed inside targeted organizations.
In many cases, the attackers leveraged trusted administrative tools and supplier relationships rather than exploiting software vulnerabilities directly.
A typical attack chain involves:
Compromise of an IT service provider
Abuse of remote management access
Deployment of malicious files through software update mechanisms
DLL sideloading using legitimate applications
Installation of the Cavern Agent
Retrieval of additional modules from command-and-control servers
This approach enables threat actors to blend into legitimate administrative activity and avoid raising immediate security alerts.
Anti-Analysis Techniques That Frustrate Defenders
One of the most innovative aspects of Cavern is its use of multiple .NET compilation formats as a defensive mechanism against malware analysts.
Instead of relying heavily on traditional obfuscation, the developers compiled different components using three separate technologies:
Standard .NET Framework
Mixed-Mode C++/CLI
.NET Native AOT
Each format requires different reverse-engineering tools and analysis workflows.
This forces analysts to switch between multiple toolchains when investigating the framework, significantly increasing the time and effort required for analysis.
Researchers noted that the compilation strategy itself functions as an anti-analysis layer.
Key Anti-Analysis Features
Multiple binary formats
NativeAOT compiled modules
Runtime metadata reconstruction requirements
Hidden API imports
Dynamic string hydration
Per-module AppDomain isolation
Automatic module unloading after execution
The result is a malware ecosystem that remains largely invisible to conventional detection methods.
Extremely Low Detection Rates
One of the most concerning findings is the framework's ability to evade security products.
Many recovered samples received either zero detections or extremely low detection scores on VirusTotal at the time of analysis.
The combination of:
Native compilation
Dynamic loading
Modular execution
Custom communication protocols
makes Cavern particularly difficult for traditional signature-based security solutions to identify.

Deep Post-Exploitation Capabilities
Once deployed, Cavern provides operators with a wide range of intelligence-gathering and lateral movement capabilities.
File System Operations
The File Manager module enables:
File browsing
Directory manipulation
File searching
Archive creation
File transfer
Data compression
It also includes the ability to decrypt Windows DPAPI-protected data, potentially exposing credentials and sensitive information stored by the compromised user.
Database Access
The SQL Browser module can:
Enumerate databases
Execute SQL queries
Export records
Modify data
Access enterprise database environments
Active Directory Reconnaissance
The LDAP module provides:
User enumeration
Group discovery
Directory searches
Credential testing
LDAP brute-force capabilities
Network Reconnaissance
The Network Module enables:
DNS resolution
Host discovery
Port scanning
Share enumeration
SMB credential attacks
Domain reconnaissance
Tunneling and Proxy Services
The Tunnel Module supports:
SOCKS5 proxying
WebSocket communications
Secure tunneling
Remote network access
Together, these capabilities provide attackers with nearly everything required to expand access across a compromised network.
Supply Chain Targeting and Multi-Hop Intrusions
Researchers observed a particularly concerning operational pattern.
Instead of attacking high-value targets directly, Cavern Manticore frequently compromised trusted service providers first.
The attackers then moved through multiple organizations before reaching their intended targets.
In several incidents:
An IT provider was compromised.
Access was used to reach a second service provider.
The final target organization was then accessed through trusted relationships.
This multi-hop intrusion strategy allows attackers to bypass traditional perimeter defenses and exploit trust between organizations.
Human Developers Behind the Framework
One of the more interesting findings from the research is evidence suggesting substantial human involvement in the framework's development.
Researchers discovered:
Frustrated debugging messages
Misspellings in code
Personal naming conventions
Inconsistent formatting choices
Examples include error messages containing profanity and developer comments that appear to have been written during active debugging.
Check Point researchers believe AI-assisted coding may have been used for routine tasks, but the framework's architecture and operational design strongly indicate experienced human developers were responsible for its creation.

Attribution Points Toward Iranian Threat Actors
Several indicators support the assessment that Cavern Manticore is linked to Iranian cyber operations.
Researchers identified:
Infrastructure associated with Iranian hosting providers
Technical overlaps with Lyceum and MuddyWater
Historical targeting patterns matching Iranian intelligence objectives
Similar use of SysAid infrastructure observed in previous Iranian campaigns
Shared operational techniques involving trusted service providers
The infrastructure included domains such as:
hospitalinstallation.com
auth.hospitalinstallation.com
google.com.hospitalinstallation.com
The findings strengthen the connection between Cavern Manticore and MOIS-aligned cyber activity.
What Security Teams Should Do
The report highlights the growing importance of monitoring trusted administrative tools and third-party access channels.
Organizations should:
Audit Remote Monitoring and Management platforms
Monitor DLL sideloading activity
Review execution of suspicious uxtheme.dll files
Inspect ProgramData directories for unusual binaries
Strengthen third-party access controls
Monitor anomalous supplier network activity
Implement behavioral detection rather than relying solely on signatures
As threat actors increasingly abuse legitimate software and trusted relationships, organizations must focus on detecting suspicious behavior rather than only known indicators of compromise.
Final Thoughts
Cavern Manticore represents a significant advancement in Iran-linked cyber espionage capabilities. Its modular architecture, sophisticated anti-analysis design, low detection rates, and supply-chain attack strategy demonstrate a mature operational framework capable of adapting to diverse environments.
The campaign serves as a reminder that modern cyber threats are increasingly built around trusted access, supplier ecosystems, and stealthy post-exploitation frameworks rather than traditional malware delivery techniques.
For defenders, understanding behavioral patterns, monitoring administrative tools, and securing third-party relationships will be essential in countering threats like Cavern.
Source: Check Point Research (CPR)
About the Author