Nimbus Manticore Deploys New Malware Targeting Europe
WHITE AlienVault 2025-09-22 Modified: 2025-09-22
The Iranian threat actor Nimbus Manticore has expanded its operations, targeting defense, telecommunications, and aviation sectors in Western Europe. The group uses sophisticated spear-phishing techniques, impersonating HR recruiters to lure victims to fake career portals. Their toolset includes the MiniJunk backdoor and MiniBrowse stealer, which have evolved to employ advanced evasion techniques like multi-stage DLL sideloading, heavy obfuscation, and code signing. The malware infrastructure leverages Azure App Services for resilient command and control. Nimbus Manticore's recent activities demonstrate increased focus on stealth, operational security, and expanding their targeting to align with Iranian strategic priorities.
Indicators of Compromise (107)