Iran-Linked Hackers Deploy Modular C&C Framework “Cavern Manticore” Against Israel

Iran-linked hackers use a modular C&C framework, Cavern Manticore, abusing SysAid and DLL sideloading to hit Israeli government and IT providers.

Govern DLL Sideloading Before Control
  • July 10, 2026

Iran-linked Hackers Escalate With A Stealthy New Toolkit

Iran-linked hackers are running a modular command-and-control (C&C) framework against Israel, and the campaign marks a clear jump in tradecraft. The group targets Israeli government entities and IT providers. Moreover, it appears tied to Iran’s Ministry of Intelligence and Security (MOIS), with links to the OilRig subgroup Lyceum, also known as Hexane and SiameseKitten. Consequently, this activity fits a decade-long pattern of MOIS-aligned espionage.

Cavern Manticore’s Roots Run Deep

Lyceum is no newcomer. Since at least 2018, the group has hit oil, gas, and telecom firms across the Middle East and Africa. Furthermore, in 2021 it pivoted to Israeli IT and communications companies using fake LinkedIn job offers and the DanBot and Shark backdoors. That earlier effort also aimed to enable supply chain attacks. Therefore, Cavern Manticore represents an evolution, not a debut.

Cavern Manticore – Iran-Linked Modular C&C Framework Targeting Israel
Iran / MOIS Espionage · Israel

CAVERN MANTICORE

FRAMEWORK: CAVERN_MANTICORE_C2
TARGET: ISRAELI_GOV_&_IT_PROVIDERS
ATTRIBUTION: IRAN_MOIS // OILRIG_LYCEUM
An Iran-linked group is running a modular C&C framework against Israeli government and IT providers, a clear jump in tradecraft. Tied to MOIS subgroup Lyceum (aka Hexane, SiameseKitten), it evolves a decade of espionage rather than starting fresh.
ALIASES: LYCEUM / HEXANE / SIAMESEKITTEN
ACTIVE_SINCE: 2018
C2: HOSPITALINSTALLATION[.]COM
Threat At A Glance
MOIS
Attribution
Iran’s Ministry of Intelligence; OilRig subgroup Lyceum
3
Compile Formats
.NET Framework, Mixed-Mode C++/CLI, and .NET Native AOT
AOT
Key Evasion
Native AOT strips .NET metadata, forcing native RE tools
2018
Active Since
ME/Africa energy & telecom, then Israeli IT from 2021
Infection Chain & Anti-Analysis

The chain abuses SysAid’s update feature to sideload a malicious WinDirStat DLL. Legit WinDirStat.exe then loads a trojanized uxtheme.dll (the Cavern agent), which fetches modules on command, letting operators tailor each deployment per victim.

Its edge is anti-analysis: one shared .NET base compiles into three formats, forcing constant toolchain switching. No packer, no obfuscation, just the format itself. Native AOT strips .NET metadata, pushing analysts to native tools like Ghidra/IDA and leaving most samples effectively undetected.

What The Modules Can Do
  • File & database: file operations, enumeration, and database manipulation.
  • Directory attacks: LDAP brute-force and Active Directory reconnaissance.
  • Network: network reconnaissance and SMB brute-force.
  • Tunneling: SOCKS5 proxy and WebSocket (WSS) tunneling; managed & native modules.

Multi-format Compilation Becomes The Anti-analysis Layer

The framework rests on a shared .NET foundation. However, its components compile into three different formats: standard .NET Framework, Mixed-Mode C++/CLI, and .NET Native AOT. Notably, this is not traditional obfuscation. Analysis shows there is no packer, no control-flow flattening, and no string encryption. Instead, the compilation format itself frustrates analysts. Each format demands a different toolchain, so reverse engineers must constantly context-switch. Native AOT proves especially punishing because it strips .NET metadata and forces analysis with native tools like Ghidra or IDA Pro. As a result, most samples score zero or near-zero detections on VirusTotal.

Agents And Modules Give Attackers Flexibility

Architecturally, Cavern splits into “agents” and “modules.” The agent handles core C&C communication, while modules deliver post-compromise capabilities. Consequently, operators tailor each deployment per victim. The infection chain abuses SysAid’s software update feature to sideload a malicious WinDirStat DLL. The legitimate WinDirStat.exe then loads a trojanized uxtheme.dll, which is the Cavern agent. Afterward, the agent fetches modules on command. Their capabilities include:

  • File operations and enumeration
  • Database enumeration and manipulation
  • LDAP brute-force and Active Directory reconnaissance
  • Network reconnaissance and SMB brute-force
  • SOCKS5 proxy and WebSocket (WSS) tunneling

Both managed and native modules appear in the toolkit, and the agent reaches its C2 through the Iranian-registered domain hospitalinstallation[.]com.

Anti-forensics Erases The Evidence Trail

The agent works hard to stay invisible. Specifically, it isolates each module in its own AppDomain, then terminates that AppDomain after use. Therefore, the module vanishes from memory, leaving no analyzable assembly artifacts. In addition, the agent deletes all files and subdirectories in its working directory, sparing only the communication module, config file, and log files. Because of this, forensic recovery of the full toolkit from a single host becomes nearly impossible.

AI Likely Helped, But Humans Did The Real Work

AI may have influenced some common code. The available evidence suggests that there has been extensive human writing. The comments in code, typos, chosen names, and differences between modules are all indicative of human authorship. It can be stated that Cavern is “a human-authored framework, very plausibly built with some AI assistance for routine code, but driven and shaped throughout by a developer.”

Living Off The Land Powers Lateral Movement

Cavern Manticore leans hard on legitimate tools. For instance, the actor uses RMM solutions for lateral movement between victims. It also uses browser-based remote desktop tools to reach victim environments. Furthermore, it exploits built-in remote printing features for data exfiltration. These living-off-the-land techniques blend malicious activity into normal IT operations. Meanwhile, RMM abuse has become a defining trend.

The Broader Iran-versus-Israel Cyber Front

“Cavern Manticore” does not work alone. In June 2025, Israel had about 1,600 cyber attacks compared to 4,800 attacks in June 2026. Iranian groups have posed as Chaos ransomware to conduct espionage activities, while an Iranian-linked group caused havoc in the LA Metro. Hence, Cavern Manticore is part of a larger cyber espionage program that is highly coordinated.”

Conclusion: When Trusted IT Tools Become the Espionage Path

Cavern Manticore shows how modern espionage no longer depends on loud malware. The framework abuses trusted software behavior, DLL sideloading, RMM tools, browser-based remote access, and modular C&C to move quietly across victim environments. Its strength is not only stealth. It is flexibility.

The attacker can load only the modules needed for each target, erase evidence after use, and blend activity into normal IT operations.

Why This Threat Matters

Iran-linked actors are using Cavern Manticore as a modular control framework against Israeli government and IT providers. That makes the campaign especially dangerous for organizations that rely on trusted administration tools, shared service providers, and remote management workflows.

  • SysAid update abuse creates a trusted delivery path
  • DLL sideloading hides malicious logic behind legitimate binaries
  • Native AOT and mixed compilation reduce detection and slow analysis
  • LDAP and SMB brute-force modules support lateral movement
  • SOCKS5 and WSS tunneling help attackers maintain covert access
  • Anti-forensics removes key artifacts before responders can recover them

This is not simple malware. It is an adaptable espionage framework designed to survive inside real enterprise environments.

Where Xcitium Changes the Outcome

This attack must be stopped where Cavern Manticore depends most on trust, execution and privileged movement.

Xcitium Advanced EDR, powered by Xcitium’s patented Zero-Dwell platform, applies Execution Governance when suspicious tools, DLLs, scripts, modules, or payloads attempt to run.

Unknown code does not receive unrestricted execution rights.
Code can run without being able to cause damage.
Runtime behavior is governed before trust exists.
DLL sideloading, module execution, tunneling tools, reconnaissance activity, and follow-on payloads are stopped before they become operational impact.

Xcitium ITDR strengthens the identity layer when attackers attempt LDAP brute-force, Active Directory reconnaissance, privileged access abuse, or lateral movement across trusted accounts.

Detection asks, “Did we recognize this framework?”
Execution Governance asks, “Could unknown code turn trusted tools into attacker control?”

That is the difference.

Stop Espionage Before Trusted Tools Are Abused

Cavern Manticore proves that nation-state operators are moving deeper into legitimate administration paths. They do not always need obvious malware behavior. They can abuse software updates, sideload DLLs, run modular tooling, and disappear before investigation catches up.

Security teams cannot rely only on after-the-fact detection.
They need runtime control before trust.
They need proof before impact.

Govern unknown execution before it becomes attacker control.
Secure privileged identity before movement spreads.
Prove what malicious activity could not do.

Like what you see? Share with a friend.

Move Away From Detection With Patented Threat Prevention Built For Today's Challenges.

No one can stop zero-day malware from entering your network, but Xcitium can prevent if from causing any damage. Zero infection. Zero damage.

Book a Demo