"The framework reflects a mature and adaptable toolset built around a shared .NET foundation, while using multiple compilation formats across different components, including .NET Framework, .NET Mixed-Mode C++/CLI, and .NET Native AOT," Check Point Research said.
Who Check Point Research attributes Cavern Manticore to — and what they found
Check Point Research has attributed a newly observed campaign to a threat cluster it calls Cavern Manticore, describing the operators as affiliated with Iran's Ministry of Intelligence and Security (MOIS). The activity has primarily targeted Israeli organizations, focusing on IT providers and government sectors, and shows tactical overlap with other tracked actors such as MuddyWater and Lyceum.
According to the report, Cavern Manticore uses a previously undocumented, modular command-and-control framework dubbed Cavern (aka Cav3rn). Check Point frames the framework as an adaptable toolset that deliberately complicates forensic and reverse-engineering efforts by using multiple .NET compilation formats across components.
Cavern C2 architecture and anti-analysis techniques
The Cavern framework divides responsibilities between a core agent and separately deployed modules. The documented attack chain begins with a trojanized DLL — uxtheme.dll — that contains the Cavern Agent. The agent then loads a standalone communication DLL, n-HTCommp.dll, which contacts a command-and-control server at hospitalinstallation[.]com and fetches post-exploitation modules on the fly over HTTPS or WebSocket.
Check Point explained that the agent embeds a unified module dispatcher that treats modules whose names start with n- as native DLLs loaded via the LoadLibraryA Windows API, while other components are interpreted as managed .NET assemblies and loaded through AppDomain isolation. The report states: "The framework's anti-analysis posture relies on uncommon .NET compilation formats (Mixed-Mode C++/CLI and Native AOT) that force reverse engineers into multiple toolsets and metadata-reconstruction workflows, together with per-module AppDomain isolation as an anti-forensics measure."
The five modules uncovered and their capabilities
- mhm.dll — file operations, enumeration, recursive file search, archive handling, and bidirectional file transfer
- db.dll — SQL database enumeration, query, export, and manipulation
- ode.dll — Active Directory reconnaissance, user/group enumeration, and LDAP brute-force attempts
- n-ten.dll — network reconnaissance, port scanning, share enumeration, and SMB brute-force attempts
- n-sws.dll — SOCKS5 proxy and WebSocket tunneling
Check Point notes a clear split in compilation targets: mhm.dll, db.dll, and ode.dll are pure .NET Framework modules; n-HTCommp.dll, n-ten.dll, and n-sws.dll use Native AOT; and the main agent uxtheme.dll combines managed .NET code with native C++ in a single portable executable. That mixed compilation approach is central to the framework's anti-analysis posture and to tailoring deployments for different victim profiles.
Supply-chain abuse: SysAid updates, RMM relationships, and lateral movement
The documented intrusion chain leverages SysAid's software update feature to initiate a DLL side-loading sequence that executes the trojanized uxtheme.dll. Check Point observed Cavern operators moving from an initially compromised IT provider to a second-hop provider before ultimately reaching target organizations — a pattern that weaponizes trusted service-provider relationships and Remote Monitoring and Management (RMM) deployments.
As Check Point put it: "This activity highlights the operational value of trusted service-provider relationships, particularly where Remote Monitoring and Management (RMM) solutions are deployed." The actor also appears to use browser-based remote desktop technologies to access targets and, in some cases, abuse features such as remote printing to exfiltrate data when clipboard-based copy-paste or file-transfer capabilities are restricted.
MuddyWater activity, exploited CVEs, and confirmed exfiltration
The Cavern activity arrives against a backdrop of broader operations attributed to another Iranian state-sponsored actor tracked as MuddyWater. Oasis Security reported MuddyWater conducting broad reconnaissance across more than 12,000 internet-exposed systems by exploiting several known vulnerabilities, and said the operation moved from reconnaissance to targeted credential harvesting and data exfiltration against aviation, energy, and public sector entities in Egypt, Israel, and the United Arab Emirates.
Oasis Security summarized the campaign: "The operation leveraged a combination of vulnerability exploitation, Outlook Web Access (OWA) brute-force attacks, and newly identified command-and-control (C2) controllers supporting multi-protocol communication," and noted confirmed exfiltration of sensitive data from compromised environments.
The list of exploited vulnerabilities provided in the reporting includes:
- CVE-2025-52691 — SmarterMail remote code execution vulnerability
- CVE-2025-68613 — n8n remote code execution vulnerability
- CVE-2025-9316 — N-Central unauthenticated sessionID generation vulnerability
- CVE-2025-34291 — Langflow remote code execution vulnerability
- CVE-2025-54068 — Laravel Livewire remote code execution vulnerability
What this means for technologists, policymakers, and procurement leaders
- Technologists and security teams should note the specific abuse of SysAid update workflows and the use of mixed .NET compilation formats — detection and analysis may require multiple toolchains and scrutiny of AppDomain-loaded assemblies and native-loaded n- modules.
- Policymakers and regulators responsible for supply-chain security should watch the operational pattern of moving between trusted service providers and second-hop providers where RMM solutions are present, given the explicit operational value the actors derive from those relationships.
- Affected enterprises and procurement leaders should reassess the controls around vendor updates and browser-based remote access features, and consider how remote-printing and other built-in functions might be abused for exfiltration when standard transfer channels are restricted.
The Cavern disclosure links a sophisticated, modular C2 framework to supply-chain maneuvers and multi-protocol exfiltration techniques at a time when related actors are exploiting a long list of internet-facing vulnerabilities. The immediate questions — how widely trojanized SysAid updates were distributed, how many downstream organizations were reached via second-hop providers, and whether hospitalinstallation[.]com is tied to other campaigns — remain to be answered by follow-on investigation and incident response.




