Key Takeaways
- An Iranian Ministry of Intelligence and Security (MOIS)–linked hacking group, tracked as Cavern Manticore, has deployed a new modular C2 framework called Cavern (Cav3rn).
- The framework combines .NET Framework, .NET Mixed‑Mode C++/CLI, and .NET Native AOT compilation, creating an anti‑analysis layer that forces analysts to use multiple toolsets.
- Core components consist of a Cavern Agent (uxtheme.dll) and interchangeable Cavern modules for reconnaissance, data theft, tunneling, and lateral movement.
- Initial infection exploits SysAid’s software‑update mechanism via DLL side‑loading, after which the agent contacts the C2 server hospitalinstallation[.]com to fetch additional modules on demand.
- Five distinct modules have been identified: file handling (mhm.dll), SQL database interaction (db.dll), Active Directory reconnaissance (ode.dll), network/SMB probing (n-ten.dll), and SOCKS5/WebSocket tunneling (n-sws.dll).
- The framework’s design permits operators to tailor deployments to victim profiles, lower forensic visibility, and maintain persistence through bespoke post‑exploitation capabilities.
- Attacks often pivot from an initial compromised IT provider to a second‑hop provider before reaching the final target, leveraging trusted service‑provider relationships and Remote Monitoring and Management (RMM) tools.
- The activity aligns with broader Iranian state‑sponsored campaigns (e.g., MuddyWater) that have scanned over 12,000 internet‑exposed systems and moved to credential harvesting and data exfiltration in aviation, energy, and government sectors across the Middle East.
Overview of the Cavern Manticore Threat Actor
Cavern Manticore is a cyber‑espionage group assessed to be affiliated with Iran’s Ministry of Intelligence and Security (MOIS). Check Point Research first observed the group’s activity targeting Israeli organizations, particularly IT providers and government entities. The group’s operational name derives from its use of a previously undocumented command‑and‑control (C2) framework dubbed Cavern (also referenced as Cav3rn). The framework represents a mature, adaptable toolkit built around a shared .NET foundation, employing multiple compilation formats to hinder analysis and forensic detection.
Technical Composition of the Cavern Framework
The Cavern framework is modular, separating core communication duties from mission‑specific post‑exploitation functions. The central piece, the Cavern Agent, is implemented as a trojanized DLL named uxtheme.dll. This agent loads a standalone communication DLL (n-HTCommp.dll) that contacts the C2 server over HTTPS or WebSocket to retrieve additional modules as needed. Around the agent orbit five specialized DLL modules, each responsible for a distinct capability set: file operations, database interaction, Active Directory reconnaissance, network/SMB probing, and tunneling. This compartmentalization lets operators mix and match components based on the victim’s environment, reducing the footprint of any single malicious binary.
Compilation Diversity as an Anti‑Analysis Tactic
A defining characteristic of Cavern is its use of three different .NET compilation targets across its components. Modules mhm.dll, db.dll, and ode.dll are pure .NET Framework assemblies. In contrast, n-HTCommp.dll, n-ten.dll, and n-sws.dll employ Native AOT (Ahead‑of‑Time) compilation. The main agent uxtheme.dll blends managed .NET code with native C++ in a Mixed‑Mode C++/CLI portable executable. By spreading the codebase across these formats, the framework forces reverse engineers to switch between disparate toolsets (e.g., dnSpy, ILSpy, and native disassemblers) and reconstruct metadata, substantially raising the analytical burden. Additionally, the agent uses AppDomain isolation to load managed modules, further obscuring activity from memory‑forensic scanners.
Infection Chain via SysAid Software Updates
The initial intrusion vector identified by Check Point leverages the legitimate update mechanism of SysAid, an IT service‑management platform. Attackers abuse the software‑update feature to trigger a DLL side‑loading sequence that results in the execution of the malicious uxtheme.dll (disguised as a legitimate system DLL, uxtheme.dll). Once loaded, the agent immediately contacts the C2 server at hospitalinstallation[.]com to fetch further modules. This approach capitalizes on the trust placed in automated patching pipelines, enabling the threat actor to gain a foothold without raising immediate suspicion.
Functionality of the Five Identified Cavern Modules
- mhm.dll: Handles file system interactions, including enumeration, recursive search, archiving, and bidirectional file transfers.
- db.dll: Focuses on SQL database enumeration, querying, exporting, and manipulation, facilitating data exfiltration from relational stores.
- ode.dll: Performs Active Directory reconnaissance, enumerating users and groups, and attempts LDAP brute‑force to harvest credentials.
- n-ten.dll: Conducts network reconnaissance—port scanning, share discovery, and SMB brute‑force attacks—to map internal networks and identify lateral‑movement pathways.
- n-sws.dll: Implements a SOCKS5 proxy and WebSocket tunneling mechanism, allowing stealthy communication and data exfiltration even when direct outbound channels are blocked.
Each module is designed to be fetched on‑demand, enabling the attacker to adapt the payload to the specific defenses and data stores present in a compromised host.
Module Loading Mechanisms and Anti‑Forensics
The agent’s unified dispatcher treats any component whose filename begins with “n‑” as a native DLL, loading it via the Windows LoadLibraryA API. Components lacking that prefix are considered managed .NET assemblies and are loaded through AppDomain isolation, a technique that loads each module into a separate application domain, limiting the visibility of malicious code in process‑memory snapshots and complicating behavioral detection. This isolation also helps prevent accidental cross‑contamination between modules, preserving operational security.
Supply‑Chain Lateral Movement Tactics
Cavern Manticore frequently demonstrates a two‑hop infection pattern: the group first compromises an IT provider (often via the SysAid update abuse), then uses that foothold to infiltrate a second‑hop provider before finally reaching the intended target organization. This strategy leverages trusted relationships within the software supply chain, particularly those involving Remote Monitoring and Management (RMM) solutions. By masquerading malicious payloads as legitimate updates or using built‑in remote‑desktop and remote‑printing features, the actor can move laterally across networks while blending with normal administrative traffic. In environments where clipboard or file‑transfer controls are tight, the group has been observed abusing remote‑printing capabilities to exfiltrate data.
Connection to Wider Iranian Cyber Campaigns
The emergence of Cavern Manticore aligns with a broader surge in Iranian state‑sponsored activity observed over recent months. The threat cluster known as MuddyWater has been conducting extensive reconnaissance across more than 12,000 internet‑exposed systems, exploiting vulnerabilities in services such as SmarterMail, n8n, N‑central, Langflow, and Laravel Livewire. After this broad scanning phase, MuddyWater (and likely related groups like Cavern Manticore) have shifted toward focused credential harvesting and data exfiltration targeting aviation, energy, and government sectors in Egypt, Israel, and the United Arab Emirates. The campaigns combine vulnerability exploitation, Outlook Web Access (OWA) brute‑force attempts, and newly identified C2 controllers that support multiple communication protocols, confirming the exfiltration of sensitive data from compromised environments.
Strategic Implications for Defenders
The Cavern framework illustrates how advanced adversaries are evolving their toolsets to defeat traditional signature‑based and behavioral defenses. By employing varied compilation techniques, modular payloads, and supply‑chain abuse, threat actors can maintain persistence while minimizing detectable artifacts. Organizations should therefore:
- Hard‑enforce software‑update integrity – verify signatures and restrict update channels to trusted sources.
- Monitor for anomalous DLL side‑loading – especially involving legitimate utilities like SysAid.
- Deploy application‑control and allow‑list policies that block execution of unsigned or non‑standard DLLs.
- Inspect network traffic for uncommon protocols – such as WebSocket or SOCKS5 tunnels to unexpected domains.
- Enforce least‑privilege principles on IT and RMM accounts to limit lateral movement.
- Employ memory‑forensic tools capable of cross‑domain inspection to counter AppDomain isolation tactics.
By addressing these areas, defenders can reduce the likelihood that a Cavern‑style modular framework achieves its objectives of stealthy reconnaissance, credential theft, and data exfiltration.
This summary synthesizes the technical details and operational context provided by Check Point Research and related threat‑intelligence reports, delivering a comprehensive overview of the Cavern Manticore threat actor and its novel C2 framework.

