Molerats | APT Profile

Description

[Molerats](https://attack.mitre.org/groups/G0021) is an Arabic-speaking, politically-motivated threat group that has been operating since 2012. The group's victims have primarily been in the Middle East, Europe, and the United States.(Citation: DustySky)(Citation: DustySky2)(Citation: Kaspersky MoleRATs April 2019)(Citation: Cybereason Molerats Dec 2020)

Techniques Used (TTPs)

T1218.007 — Msiexec (defense-evasion)
T1204.001 — Malicious Link (execution)
T1105 — Ingress Tool Transfer (command-and-control)
T1553.002 — Code Signing (defense-evasion)
T1027.015 — Compression (defense-evasion)
T1053.005 — Scheduled Task (execution, persistence, privilege-escalation)
T1140 — Deobfuscate/Decode Files or Information (defense-evasion)
T1566.001 — Spearphishing Attachment (initial-access)
T1057 — Process Discovery (discovery)
T1566.002 — Spearphishing Link (initial-access)
T1555.003 — Credentials from Web Browsers (credential-access)
T1547.001 — Registry Run Keys / Startup Folder (persistence, privilege-escalation)
T1059.001 — PowerShell (execution)
T1059.005 — Visual Basic (execution)
T1059.007 — JavaScript (execution)
T1204.002 — Malicious File (execution)

Total TTPs: 16

Malware & Tools

Malware: DropBook, DustySky, MoleNet, PoisonIvy, SharpStage, Spark

← Return to Home ← Back to APT Search