Molerats

Molerats is a politically-motivated threat group that has been operating since 2012. The group's victims have primarily been in the Middle East, Europe, and the United States. [1] [2]

ID: G0021
Aliases: Molerats, Operation Molerats, Gaza Cybergang
Version: 1.0

Alias Descriptions

Name               | Description
Molerats           | [1]
Operation Molerats | [3]
Gaza Cybergang     | [1]

Techniques Used

Domain     | ID    | Name                | Use
Enterprise | T1116 | Code Signing        | Molerats has used forged Microsoft code-signing certificates on malware. [3]
Enterprise | T1003 | Credential Dumping  | Molerats used the public tool BrowserPasswordDump10 to dump passwords saved in browsers on victims. [1]
Enterprise | T1057 | Process Discovery   | Molerats actors obtained a list of active processes on the victim and sent them to C2 servers. [1]

Software

ID    | Name      | Techniques
S0062 | DustySky  | Fallback Channels, File and Directory Discovery, Input Capture, Obfuscated Files or Information, Process Discovery, Registry Run Keys / Startup Folder, Remote File Copy, Replication Through Removable Media, Security Software Discovery, Standard Application Layer Protocol, System Information Discovery, Windows Management Instrumentation
S0012 | PoisonIvy | Application Window Discovery, Command-Line Interface, Data from Local System, Data Staged, Input Capture, Modify Existing Service, Modify Registry, New Service, Obfuscated Files or Information, Process Injection, Registry Run Keys / Startup Folder, Remote File Copy, Rootkit, Standard Cryptographic Protocol, Uncommonly Used Port

References