← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Fast and Furious - Nimbus Manticore Operations During the Iranian Conflict
WHITE Nimbus Manticore AlienVault 2026-05-25 Modified: 2026-05-25
69
IOCs
HIGH VOLUME
The Iranian IRGC-affiliated threat actor Nimbus Manticore launched sophisticated cyber operations during Operation Epic Fury, the US military campaign against Iran beginning February 28, 2026. The campaigns targeted organizations in aviation and software sectors across the United States, Europe, and Middle East using career-themed phishing lures. For the first time, the actor employed SEO poisoning techniques and introduced MiniFast, a previously undocumented backdoor showing signs of AI-assisted development. The operations leveraged AppDomain hijacking and abused legitimate Zoom installer execution flows for malware deployment. The actor demonstrated rapid adaptation capabilities during wartime conditions, maintaining high operational availability while expanding targeting to US-based aviation companies. Multiple campaign waves were observed from February through April 2026, with persistent infrastructure and evolving techniques.
operation epic furyminifastminijunkseo poisoningnimbus manticoreappdomain hijacking
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
MiniFast MiniJunk
Indicators of Compromise (27 / 69 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA256 0291ef318576953f7f3fe287e7775ed1d7c3206119dc7b9cd6d85c02779e6e40 2026-05-25
FileHash-SHA256 0db36a04d304ad96f9e6f97b531934594cd95a5cea9ff2c9af249201089dc864 2026-05-25
FileHash-SHA256 10fd541674adadfbba99b54280f7e59732746faf2b10ce68521866f737f1e46d 2026-05-25
FileHash-SHA256 2c214494fd0bad31473ca8adce78a4f50847876584571e66aadeae70827ec2dc 2026-05-25
FileHash-SHA256 332ba2f0297dfb1599adecc3e9067893e7cf243aa23aedce4906a4c480574c17 2026-05-25
FileHash-SHA256 38bd137c672bd58d08c4f0502f993a6561e2c3411773d1ae57ee0151a0a9d11d 2026-05-25
FileHash-SHA256 43dc62cef52ebdd69e79f10015b3e13890f26c058325c0ff139c70f8d8eadcfa 2026-05-25
FileHash-SHA256 44f4f7aca7f1d9bfdaf7b3736934cbe19f851a707662f8f0b0c49b383e054250 2026-05-25
FileHash-SHA256 485f182f7b74ea4013b2539275a95d21e3a9bf0082c331937af9353a324b36f3 2026-05-25
FileHash-SHA256 5c3362d20229597d11380f56d1f2eb39647fb6afad7be8392a7abcd18dff12f8 2026-05-25
FileHash-SHA256 63d0d3c4a7f71bdbca720903d6a99b832089cc093c64d2938e7e001e56c17ab4 2026-05-25
FileHash-SHA256 64530d7e6ee30e4a66d9eeed6b8595c33fd72f5f73409133ca40539e5695df4c 2026-05-25
FileHash-SHA256 74882085db2088356ed7f72f01e0404a0a98cda88ef56fb15ce74c1f36b26d27 2026-05-25
FileHash-SHA256 781605ce9d4a9869e846f6c9657d71437cb6240ab27ffbc4cd550c0e06996690 2026-05-25
FileHash-SHA256 8808c794c24367438f183e4be941876f1d3ecd0c8d2eb43b10d2380841d2283b 2026-05-25
FileHash-SHA256 9cf029daca89523d917dafed0568d11d00e45ec96b5b90b4a1f7fd4018c7da84 2026-05-25
FileHash-SHA256 9e4a658e6d831c9e9bdfe11884a75b7c64812ed0a80e8495ddf6b316505acac1 2026-05-25
FileHash-SHA256 a13ba3c5aff46e9daf2d23df4b3e3d49dc7236c207c56f0a1433051f3450d441 2026-05-25
FileHash-SHA256 a57ffb819fe8d98ff925c5d7b239598fe302acf5a13193d7a535040a71298fdf 2026-05-25
FileHash-SHA256 b19e06da580cf91691eda066ac9ee4b09c6e5dc26c367af12660fe1f9306eec4 2026-05-25
FileHash-SHA256 bc3b44154518c5794ce639108e7b9c5fecb0c189607a26de1aaed518d890c7ad 2026-05-25
FileHash-SHA256 d4a7e9f107fe40c1a5d0139c6c6e25bf6bf57f61feff090bee28f476bb3cc3c2 2026-05-25
FileHash-SHA256 dfa1e3137a032ee8561a1cd5e1a0f71a10bebb36aef7c336c878638a9c1239ee 2026-05-25
FileHash-SHA256 ecaf493c320d201d285ef5f61d75744216e47cf1115b4af528f9a78883cc446e 2026-05-25
FileHash-SHA256 eee657ffdb2af8ed6412221e7d5fbf4f5742f2ac2c88f43f12db46af0697de71 2026-05-25
FileHash-SHA256 f08b17856616d66492a24dced27f788e235f35f42fa7cd10f315000d3a2f4c03 2026-05-25
FileHash-SHA256 f54cd38632ac9da3af3533ae93e92625cbcb04df521dbf1b6acfaa81218f9e8c 2026-05-25
References (1)
↗ https://research.checkpoint.com/2026/fast-and-furious-nimbus-manticore-operations-during-the-iranian-conflict/