Molerats
Molerats is a politically motivated threat group that has been operating since 2012. The group's victims have primarily been in the Middle East, Europe, and the United States. [1] [2]
ID: G0021
Aliases: Molerats, Operation Molerats, Gaza Cybergang
Version: 1.0
Alias Descriptions
Name | Description |
---|---|
Molerats | [1] |
Operation Molerats | [3] |
Gaza Cybergang | [1] |
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1116 | Code Signing | Molerats has used forged Microsoft code-signing certificates on malware.[3] |
Enterprise | T1003 | Credential Dumping | Molerats used the public tool BrowserPasswordDump10 to dump passwords saved in victims' browsers.[1] |
Enterprise | T1057 | Process Discovery | Molerats actors obtained a list of active processes on the victim and sent it to C2 servers.[1] |