{
  "name": "Nimbus Manticore Deploys New Malware Targeting Europe",
  "slug": "nimbus-manticore-deploys-new-malware-targeting-europe",
  "description": "The Iranian threat actor Nimbus Manticore has expanded its operations, targeting defense, telecommunications, and aviation sectors in Western Europe. The group uses sophisticated spear-phishing techniques, impersonating HR recruiters to lure victims to fake career portals. Their toolset includes the MiniJunk backdoor and MiniBrowse stealer, which have evolved to employ advanced evasion techniques like multi-stage DLL sideloading, heavy obfuscation, and code signing. The malware infrastructure leverages Azure App Services for resilient command and control. Nimbus Manticore's recent activities demonstrate increased focus on stealth, operational security, and expanding their targeting to align with Iranian strategic priorities.",
  "published": "2025-09-22T19:38:52+00:00",
  "created_at": "2025-09-22T19:38:52+00:00",
  "modified_at": "2025-09-22T20:40:02+00:00",
  "created_at_opencti": "2025-09-22T19:38:52+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-09-22",
    "apt",
    "dll sideloading",
    "obfuscation",
    "spear-phishing",
    "telecommunications"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "zurewebsites.net"
      },
      {
        "id": "",
        "name": "telespazio-careers.com"
      },
      {
        "id": "",
        "name": "rheinmetall.theworldcareers.com"
      },
      {
        "id": "",
        "name": "virgomarketingsolutions.comtions.com"
      },
      {
        "id": "",
        "name": "rheinmetall.gocareers.org"
      },
      {
        "id": "",
        "name": "rheinmetall.careersworld.org"
      },
      {
        "id": "",
        "name": "rheinmetall.careers-hub.org"
      },
      {
        "id": "",
        "name": "createformquestionshelper.com.net"
      },
      {
        "id": "",
        "name": "cloudaskquestioning.eastus.cloudapp.azure.com.net"
      },
      {
        "id": "",
        "name": "cloudaskquestionanswers.com.net"
      },
      {
        "id": "",
        "name": "cloudaskingquestions.azurewebsites.net.net"
      },
      {
        "id": "",
        "name": "cloudaskquestionanswers.azurewebsites.net.net"
      },
      {
        "id": "",
        "name": "cloudaskingquestions.eastus.cloudapp.azure.com.net"
      },
      {
        "id": "",
        "name": "cloudaskingquestioning.azurewebsites.net.net"
      },
      {
        "id": "",
        "name": "airbus.usa-careers.com"
      },
      {
        "id": "",
        "name": "airbus.global-careers.com"
      },
      {
        "id": "",
        "name": "airbus.careersworld.org"
      },
      {
        "id": "",
        "name": "airbus.germanywork.org"
      },
      {
        "id": "",
        "name": "airbus.careers-portal.org"
      },
      {
        "id": "",
        "name": "virgomarketingsolutions.com"
      },
      {
        "id": "",
        "name": "usa-careers.com"
      },
      {
        "id": "",
        "name": "traveltipspage.com"
      },
      {
        "id": "",
        "name": "theworldcareers.com"
      },
      {
        "id": "",
        "name": "thetacticstore.com"
      },
      {
        "id": "",
        "name": "talenthumanresourcestalent.com"
      },
      {
        "id": "",
        "name": "sulumorbusinessservices.com"
      },
      {
        "id": "",
        "name": "rheinmetallcareer.org"
      },
      {
        "id": "",
        "name": "rheinmetallcareer.com"
      },
      {
        "id": "",
        "name": "mojavemassageandwellness.com"
      },
      {
        "id": "",
        "name": "healthcarefluent.com"
      },
      {
        "id": "",
        "name": "gocareers.org"
      },
      {
        "id": "",
        "name": "global-careers.com"
      },
      {
        "id": "",
        "name": "exchtestcheckingapihealth.com"
      },
      {
        "id": "",
        "name": "germanywork.org"
      },
      {
        "id": "",
        "name": "ehealthpsuluth.com"
      },
      {
        "id": "",
        "name": "createformquestionshelper.com"
      },
      {
        "id": "",
        "name": "cloudaskquestionanswers.com"
      },
      {
        "id": "",
        "name": "collaboromarketing.com"
      },
      {
        "id": "",
        "name": "careersworld.org"
      },
      {
        "id": "",
        "name": "careers-portal.org"
      },
      {
        "id": "",
        "name": "careers-hub.org"
      },
      {
        "id": "",
        "name": "boeing-careers.com"
      },
      {
        "id": "",
        "name": "arabiccountriestalent.com"
      },
      {
        "id": "",
        "name": "airtravellog.com"
      },
      {
        "id": "",
        "name": "acupuncturebentonville.com"
      },
      {
        "id": "",
        "name": "ffeacef025ef32ad092eea4761e4eec3c96d4ac46682a0ae15c9303b5c654e3e"
      },
      {
        "id": "",
        "name": "f8a1c69c03002222980963a5d50ab9257bc4a1f2f486c3e7912d75558432be88"
      },
      {
        "id": "",
        "name": "f54fccb26a6f65de0d0e09324c84e8d85e7549d4d04e0aa81e4c7b1ae2f3c0f8"
      },
      {
        "id": "",
        "name": "e77b7ec4ace252d37956d6a68663692e6bde90cdbbb07c1b8990bfaa311ecfb2"
      },
      {
        "id": "",
        "name": "e69c7ea1301e8d723f775ee911900fbf7caf8dcd9c85728f178f0703c4e6c5c0"
      },
      {
        "id": "",
        "name": "d2db5b9b554470f5e9ad26f37b6b3f4f3dae336b3deea3f189933d007c17e3d8"
      },
      {
        "id": "",
        "name": "cf0c50670102e7fc6499e8d912ce1f5bd389fad5358d5cae53884593c337ac2e"
      },
      {
        "id": "",
        "name": "c22b12d8b1e21468ed5d163efbf7fee306e357053d454e1683ddc3fe14d25db5"
      },
      {
        "id": "",
        "name": "b9b3ba39dbb6f4da3ed492140ffc167bde5dee005a35228ce156bed413af622d"
      },
      {
        "id": "",
        "name": "bc9f2abce42141329b2ecd0bf5d63e329a657a0d7f33ccdf78b87cf4e172fbd1"
      },
      {
        "id": "",
        "name": "b43487153219d960b585c5e3ea5bb38f6ea04ec9830cca183eb39ccc95d15793"
      },
      {
        "id": "",
        "name": "afe679de1a84301048ce1313a057af456e7ee055519b3693654bbb7312083876"
      },
      {
        "id": "",
        "name": "b405ae67c4ad4704c2ae33b2cf60f5b0ccdaff65c2ec44f5913664805d446c9b"
      },
      {
        "id": "",
        "name": "a4f5251c81f080d80d1f75ad4cc8f5bc751e7c6df5addcfca268d59107737bd0"
      },
      {
        "id": "",
        "name": "a37d36ade863966fb8520ea819b1fd580bc13314fac6e73cb62f74192021dab9"
      },
      {
        "id": "",
        "name": "9ec7899729aac48481272d4b305cefffa7799dcdad88d02278ee14315a0a8cc1"
      },
      {
        "id": "",
        "name": "9b186530f291f0e6ebc981399c956e1de3ba26b0315b945a263250c06831f281"
      },
      {
        "id": "",
        "name": "954de96c7fcc84fb062ca1e68831ae5745cf091ef5fb2cb2622edf2358e749e0"
      },
      {
        "id": "",
        "name": "95d246e4956ad5e6b167a3d9d939542d6d80ec7301f337e00bb109cc220432cf"
      },
      {
        "id": "",
        "name": "8e7771ed1126b79c9a6a1093b2598282221cad8524c061943185272fbe58142d"
      },
      {
        "id": "",
        "name": "7c77865f27b8f749b7df805ee76cf6e4575cbe0c4d9c29b75f8260210a802fce"
      },
      {
        "id": "",
        "name": "6780116ec3eb7d26cf721607e14f352957a495d97d74234aade67adbdc3ed339"
      },
      {
        "id": "",
        "name": "5d832f1da0c7e07927dcf72d6a6f011bfc7737dc34f39c561d1457af83e04e70"
      },
      {
        "id": "",
        "name": "5985bf904c546c2474cbf94d6d6b2a18a4c82a1407c23a5a5eca3cd828f03826"
      },
      {
        "id": "",
        "name": "53ff76014f650b3180bc87a23d40dc861a005f47a6977cb2fba8907259c3cf7a"
      },
      {
        "id": "",
        "name": "4da158293f93db27906e364a33e5adf8de07a97edaba052d4a9c1c3c3a7f234d"
      },
      {
        "id": "",
        "name": "4260328c81e13a65a081be30958d94b945fea6f2a483d051c52537798b100c69"
      },
      {
        "id": "",
        "name": "41d60b7090607e0d4048a3317b45ec7af637d27e5c3e6e89ea8bdcad62c15bf9"
      },
      {
        "id": "",
        "name": "3b58fd0c0ef8a42226be4d26a64235da059986ec7f5990d5c50d47b7a6cfadcd"
      },
      {
        "id": "",
        "name": "3b4667af3a3e6ed905ae73683ee78d2c608a00e566ae446003da47947320097f"
      },
      {
        "id": "",
        "name": "23c0b4f1733284934c071df2bf953a1a894bb77c84cff71d9bfcf80ce3dc4c16"
      },
      {
        "id": "",
        "name": "1b629042b5f08b7460975b5ecabc5b195fcbdf76ea50416f512a3ae7a677614a"
      },
      {
        "id": "",
        "name": "0e4ff052250ade1edaab87de194e87a9afeff903695799bcbc3571918b131100"
      },
      {
        "id": "",
        "name": "0b2c137ef9087cb4635e110f8e12bb0ed43b6d6e30c62d1f880db20778b73c9a"
      },
      {
        "id": "",
        "name": "061c28a9cf06c9f338655a520d13d9b0373ba9826a2759f989985713b5a4ba2b"
      },
      {
        "id": "",
        "name": "054483046c9f593114bc3ddc3613f71af6b30d2e4b7e7faec1f26e72ae6d7669"
      }
    ],
    "attack_patterns": [
      {
        "id": "c22b5073-f426-4294-98bb-219d17345158",
        "name": "T1553.002"
      },
      {
        "id": "e1b18ecf-d74e-4fe6-9bd4-ca6a62e7d818",
        "name": "T1027.002"
      },
      {
        "id": "93b2c4dd-5523-4464-8976-78754ee372fd",
        "name": "T1012"
      },
      {
        "id": "88fa397b-4cc9-42c0-b52d-4108f9630529",
        "name": "T1095"
      },
      {
        "id": "97d377d8-89c7-48f8-a79f-0f48bd60df74",
        "name": "T1005"
      },
      {
        "id": "a72ebeae-8e62-4039-8135-e9c611011fdc",
        "name": "T1573"
      },
      {
        "id": "60972cf6-e90b-4600-af3c-13c468391d9c",
        "name": "T1106"
      },
      {
        "id": "70616b2f-4019-4963-b758-5d9f6f20e201",
        "name": "T1082"
      },
      {
        "id": "45082a8e-9c79-470e-ad1b-decac7188e8f",
        "name": "T1083"
      },
      {
        "id": "c3af9fd7-d307-4df4-9220-cc627938fb85",
        "name": "T1055"
      },
      {
        "id": "7d7ac733-6442-416f-8669-c302dd0843b9",
        "name": "T1036"
      },
      {
        "id": "50514c04-b3a2-4abf-a855-e3a434200c87",
        "name": "T1204"
      },
      {
        "id": "0156fcda-e385-4662-b388-086c3e16feec",
        "name": "T1140"
      },
      {
        "id": "81ee4813-4f68-4984-bec1-980d7c5b56eb",
        "name": "T1132"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      },
      {
        "id": "d9b45b3b-d093-4016-89e9-48f31ff4d05d",
        "name": "T1566"
      },
      {
        "id": "ca53b2fa-42a8-45ec-9682-0cf54bf280f3",
        "name": "T1090"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Sweden"
      },
      {
        "id": "",
        "name": "Portugal"
      },
      {
        "id": "",
        "name": "Denmark"
      },
      {
        "id": "",
        "name": "Israel"
      }
    ]
  },
  "external_refs": [
    "https://research.checkpoint.com/2025/nimbus-manticore-deploys-new-malware-targeting-europe/",
    "https://otx.alienvault.com/pulse/68d1c1ecdb0b4acf0cc29af1"
  ]
}