PULSE NAME
Nimbus Manticore Deploys New Malware Targeting Europe
WHITE AlienVault 2025-09-22 Modified: 2025-09-22
107 IOCs (HIGH VOLUME)
The Iranian threat actor Nimbus Manticore has expanded its operations, targeting defense, telecommunications, and aviation sectors in Western Europe. The group uses sophisticated spear-phishing techniques, impersonating HR recruiters to lure victims to fake career portals. Its toolset includes the MiniJunk backdoor and MiniBrowse stealer, which have evolved to employ advanced evasion techniques like multi-stage DLL sideloading, heavy obfuscation, and code signing. The malware infrastructure leverages Azure App Services for resilient command and control. Nimbus Manticore's recent activities demonstrate an increased focus on stealth and operational security, and an expansion of its targeting to align with Iranian strategic priorities.
Indicators of Compromise (13 / 107 total)