EXPLORE
← Back to Actors

VOID MANTICORE

VOID MANTICORECOBALT MYSTIQUEHandala HackHomeland JusticeKarmaKarmabelow80BANISHED KITTENRed Sandstorm

[VOID MANTICORE](https://attack.mitre.org/groups/G1055) is a threat group assessed to operate on behalf of Iran’s Ministry of Intelligence and Security (MOIS).(Citation: Check Point VOID MANTICORE Handala Hack March 2026) Active since at least mid-2022, VOID MANTICORE has targeted government entities, critical infrastructure, and private sector organizations across Albania, Israel, and the United States.(Citation: Check Point VOID MANTICORE Handala Hack March 2026)(Citation: Palo Alto VOID MANTICORE Iran Cyber Threats March 2026) [VOID MANTICORE](https://attack.mitre.org/groups/G1055) conducts...

63
Techniques
57
Covered
6
Gaps
90%
Coverage
Coverage57/63

COVERED (57)

T1003.001LSASS Memory111 det.T1005Data from Local System47 det.T1021.001Remote Desktop Protocol53 det.T1027.015Compression2 det.T1036.004Masquerade Task or Service7 det.T1036.005Match Legitimate Resource Name or Location45 det.T1041Exfiltration Over C2 Channel32 det.T1047Windows Management Instrumentation88 det.T1059.001PowerShell372 det.T1059.006Python51 det.T1071.001Web Protocols81 det.T1072Software Deployment Tools13 det.T1074Data Staged12 det.T1078Valid Accounts297 det.T1078.002Domain Accounts28 det.T1078.004Cloud Accounts183 det.T1082System Information Discovery86 det.T1087.002Domain Account57 det.T1098Account Manipulation229 det.T1102Web Service35 det.T1105Ingress Tool Transfer184 det.T1110Brute Force90 det.T1110.001Password Guessing35 det.T1110.004Credential Stuffing21 det.T1113Screen Capture18 det.T1114.002Remote Email Collection18 det.T1119Automated Collection12 det.T1123Audio Capture11 det.T1125Video Capture3 det.T1133External Remote Services74 det.T1190Exploit Public-Facing Application227 det.T1199Trusted Relationship6 det.T1204.002Malicious File441 det.T1213.002Sharepoint4 det.T1219.002Remote Desktop Software52 det.T1484.001Group Policy Modification19 det.T1485Data Destruction94 det.T1486Data Encrypted for Impact374 det.T1490Inhibit System Recovery62 det.T1547.001Registry Run Keys / Startup Folder53 det.T1552.002Credentials in Registry7 det.T1560.001Archive via Utility26 det.T1561.001Disk Content Wipe2 det.T1561.002Disk Structure Wipe3 det.T1564.003Hidden Window11 det.T1566Phishing1100 det.T1572Protocol Tunneling59 det.T1583.001Domains62 det.T1583.006Web Services1 det.T1587.001Malware10 det.T1588.001Malware2 det.T1588.002Tool13 det.T1589Gather Victim Identity Information1 det.T1595.002Vulnerability Scanning13 det.T1651Cloud Administration Command13 det.T1657Financial Theft15 det.T1686.003Windows Host Firewall20 det.