Void Manticore is an Iranian threat actor, not a piece of malware; it has been linked to destructive and espionage operations against targets in Israel and Albania. Its intrusions typically begin with social engineering: malicious downloads, phishing emails, or lookalike websites. Once inside a network the group steals data, disrupts operations, and in some cases wipes systems or extorts victims. One of its distinguishing tools is the Rhadamanthys stealer, a commodity information stealer used to harvest credentials and other sensitive data from infected hosts.
The first known use of the Rhadamanthys stealer by Void Manticore came in a campaign run under Handala, a hacktivist persona the group operates. That campaign distributed the stealer disguised as an F5 software update, and Rhadamanthys has remained part of the group's toolkit in later campaigns. These campaigns typically impersonate Israeli and international companies, and the lures are tailored to the targeted organisation rather than sent indiscriminately.
Throughout 2024, activity involving the Rhadamanthys stealer was closely monitored, and its use has been tied both to Iran's Void Manticore and to the pro-Palestinian "Handala" persona. Beyond phishing protections, defenders should also be aware of the large-scale CopyR(ight)hadamantys campaign, which delivered Rhadamanthys under the guise of copyright-infringement notices. Commodity stealers such as Rhadamanthys sit on the boundary between criminal and state-backed activity, so a defensive strategy has to cover both the common malware and the targeted operators who reuse it.
Description last updated: 2024-11-07T04:01:55.078Z