Molerats
Also known as: Operation Molerats · Gaza Cybergang
Overview
Molerats is an Arabic-speaking, politically-motivated threat group that has been operating since 2012. The group's victims have primarily been in the Middle East, Europe, and the United States.
Targets
Civil society · Defense · Education · Energy · Finance · Government · Healthcare · Legal · Media · Military · NGOs · Pharmaceuticals
Regions
Europe · Israel · Middle East · Palestine · United States
Capabilities
- Custom malware/implant development — ATT&CK: 6 attributed custom malware families
TTPs — 16 techniques across 8 tactics
Initial Access
- T1566.001 Spearphishing Attachment
- T1566.002 Spearphishing Link
Execution
- T1053.005 Scheduled Task
- T1059.001 PowerShell
- T1059.005 Visual Basic
- T1059.007 JavaScript
- T1204.001 Malicious Link
- T1204.002 Malicious File
Persistence
- T1547.001 Registry Run Keys / Startup Folder
Stealth
- T1027.015 Compression
- T1140 Deobfuscate/Decode Files or Information
- T1218.007 Msiexec
Defense Impairment
- T1553.002 Code Signing
Credential Access
- T1555.003 Credentials from Web Browsers
Discovery
- T1057 Process Discovery
Command and Control
- T1105 Ingress Tool Transfer
Tools & malware (6)
MoleNet · Spark · DustySky · DropBook · SharpStage · PoisonIvy
Reporting (3)
- MOLERATS IN THE CLOUD: New Malware Arsenal Abuses Cloud Platforms in Middle East Espionage Campaign — Cybereason Nocturnus Team
- Gaza Cybergang Group1, operation SneakyPastes — GReAT
- Operation DustySky - Part 2 — ClearSky Cybersecurity