🇵🇸
Molerats
APT Group
Information theft and espionage
ETDA ✓
Also Known As 8 names
ALUMINUM SARATOGA
BLACKSTEM
Extreme Jackal
G0021
Gaza Cybergang
Gaza Hackers Team
Moonlight
Operation Molerats
Target Countries 32
Afghanistan
Canada
Chile
China
Germany
Denmark
Algeria
Egypt
Indonesia
Israel
India
Iraq
Islamic Republic of Iran
Jordan
Republic of Korea
Kuwait
Lebanon
Latvia
Libya
Morocco
Former Yugoslav Republic of Macedonia
New Zealand
Oman
Palestine
Qatar
Serbia
Saudi Arabia
Slovenia
Somalia
Turkey
United States
Yemen
Sectors Targeted
Public Administration (NAICS 92)
Aerospace
National Security and International Affairs (NAICS 928)
Periodical Publishers (NAICS 51112)
Military
Finance and Insurance (NAICS 52)
High-Tech
NGOs
Telecommunications (NAICS 517)
Grantmaking and Giving Services (NAICS 8132)
Oil and Gas Extraction (NAICS 211)
Government
Finance
Oil and gas
Energy
Insurance Carriers and Related Activities (NAICS 524)
Publishing Industries (except Internet) (NAICS 511)
Financial
Embassies
Computer Systems Design and Related Services (NAICS 54151)
Photographic Services (NAICS 54192)
Civil Society
Education
Media
Religious, Grantmaking, Civic, Professional, and Similar Organizations (NAICS 813)
Pharmaceuticals
Healthcare
Legal
Journalists and software developers
Defense
Details
Origin
🇵🇸 PS
Last Updated
05 Jul 2024
Malware Families 9
extreme_rat
pierogi
brittle_bush
nimblemamba
molerat_loader
spark_rat
alina_pos
SparkCat
badpatch
MITRE ATT&CK 50
T1001 - Data Obfuscation
T1027 - Obfuscated Files or Information
T1027.013 - Encrypted/Encoded File
T1027.015 - Compression
T1036 - Masquerading
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task
T1056 - Input Capture
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.005 - Visual Basic
T1059.007 - JavaScript
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1078 - Valid Accounts
T1082 - System Information Discovery
T1102 - Web Service
T1104 - Multi-Stage Channels
T1105 - Ingress Tool Transfer
T1112 - Modify Registry
T1113 - Screen Capture
T1127 - Trusted Developer Utilities Proxy Execution
T1132 - Data Encoding
T1134 - Access Token Manipulation
T1140 - Deobfuscate/Decode Files or Information
T1204 - User Execution
T1204.001 - Malicious Link
T1204.002 - Malicious File
T1205 - Traffic Signaling
T1218 - System Binary Proxy Execution
T1218.007 - Msiexec
T1474 - Supply Chain Compromise (ATT&CK for Mobile)
T1518 - Software Discovery
T1530 - Data from Cloud Storage
T1546 - Event Triggered Execution
T1547 - Boot or Logon Autostart Execution
T1547.001 - Registry Run Keys / Startup Folder
T1553 - Subvert Trust Controls
T1553.002 - Code Signing
T1555 - Credentials from Password Stores
T1555.003 - Credentials from Web Browsers
T1566 - Phishing
T1566.001 - Spearphishing Attachment
T1566.002 - Spearphishing Link
T1574 - Hijack Execution Flow
T1583 - Acquire Infrastructure
T1587 - Develop Capabilities
T1590 - Gather Victim Network Information
T1591 - Gather Victim Org Information