VOID MANTICORE
VOID MANTICORE, COBALT MYSTIQUE, Handala Hack, Homeland Justice, Karma, Karmabelow80, BANISHED KITTEN, Red Sandstorm
[VOID MANTICORE](https://attack.mitre.org/groups/G1055) is a threat group assessed to operate on behalf of Iran’s Ministry of Intelligence and Security (MOIS).(Citation: Check Point VOID MANTICORE Handala Hack March 2026) Active since at least mid-2022, VOID MANTICORE has targeted government entities, critical infrastructure, and private sector organizations across Albania, Israel, and the United States.(Citation: Check Point VOID MANTICORE Handala Hack March 2026)(Citation: Palo Alto VOID MANTICORE Iran Cyber Threats March 2026) [VOID MANTICORE](https://attack.mitre.org/groups/G1055) conducts...
Techniques: 63 | Covered: 57 | Gaps: 6 | Coverage: 90% (57/63)
COVERED (57)

| Technique ID | Name | Detections |
| --- | --- | --- |
| T1003.001 | LSASS Memory | 111 |
| T1005 | Data from Local System | 47 |
| T1021.001 | Remote Desktop Protocol | 52 |
| T1027.015 | Compression | 2 |
| T1036.004 | Masquerade Task or Service | 7 |
| T1036.005 | Match Legitimate Resource Name or Location | 44 |
| T1041 | Exfiltration Over C2 Channel | 31 |
| T1047 | Windows Management Instrumentation | 87 |
| T1059.001 | PowerShell | 358 |
| T1059.006 | Python | 49 |
| T1071.001 | Web Protocols | 79 |
| T1072 | Software Deployment Tools | 13 |
| T1074 | Data Staged | 12 |
| T1078 | Valid Accounts | 267 |
| T1078.002 | Domain Accounts | 28 |
| T1078.004 | Cloud Accounts | 156 |
| T1082 | System Information Discovery | 82 |
| T1087.002 | Domain Account | 57 |
| T1098 | Account Manipulation | 194 |
| T1102 | Web Service | 33 |
| T1105 | Ingress Tool Transfer | 181 |
| T1110 | Brute Force | 88 |
| T1110.001 | Password Guessing | 35 |
| T1110.004 | Credential Stuffing | 21 |
| T1113 | Screen Capture | 18 |
| T1114.002 | Remote Email Collection | 18 |
| T1119 | Automated Collection | 11 |
| T1123 | Audio Capture | 11 |
| T1125 | Video Capture | 3 |
| T1133 | External Remote Services | 72 |
| T1190 | Exploit Public-Facing Application | 210 |
| T1199 | Trusted Relationship | 6 |
| T1204.002 | Malicious File | 416 |
| T1213.002 | Sharepoint | 4 |
| T1219.002 | Remote Desktop Software | 50 |
| T1484.001 | Group Policy Modification | 18 |
| T1485 | Data Destruction | 91 |
| T1486 | Data Encrypted for Impact | 356 |
| T1490 | Inhibit System Recovery | 58 |
| T1547.001 | Registry Run Keys / Startup Folder | 52 |
| T1552.002 | Credentials in Registry | 7 |
| T1560.001 | Archive via Utility | 26 |
| T1561.001 | Disk Content Wipe | 2 |
| T1561.002 | Disk Structure Wipe | 3 |
| T1564.003 | Hidden Window | 11 |
| T1566 | Phishing | 961 |
| T1572 | Protocol Tunneling | 53 |
| T1583.001 | Domains | 61 |
| T1583.006 | Web Services | 1 |
| T1587.001 | Malware | 10 |
| T1588.001 | Malware | 2 |
| T1588.002 | Tool | 13 |
| T1589 | Gather Victim Identity Information | 1 |
| T1595.002 | Vulnerability Scanning | 12 |
| T1651 | Cloud Administration Command | 7 |
| T1657 | Financial Theft | 13 |
| T1686.003 | Windows Host Firewall | 20 |