UNC1549

Also known as: UNC1549 · Nimbus Manticore

Profile

UNC1549 is an Iranian threat actor linked to Tortoiseshell and potentially the IRGC. The group has been active since at least June 2022, targeting entities worldwide with a focus on the Middle East. UNC1549 uses spear-phishing and credential harvesting for initial access and deploys custom malware such as the MINIBIKE and MINIBUS backdoors. The group has also been observed using evasion techniques and a tunneler named LIGHTRAIL in its operations.

Aliases · 2

UNC1549 · Nimbus Manticore

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: UNC215
Actor: UNC4841
Actor: UNC1860
Actor: UNC3890
Actor: UNC4990
Actor: UNC4540

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.