Molerats Analysis
IOB - Indicator of Behavior (759)
Timeline
The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.
Activities
Interest
Timeline
The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.
Vulnerabilities
Campaigns (4)
These are the campaigns that can be associated with the actor:
- DustySky
- Middle East
- Xxxxxxxxxxxx
- Xxxxx
IOC - Indicator of Compromise (21)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
TTP - Tactics, Techniques, Procedures (23)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
IOA - Indicator of Attack (268)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | Class | Indicator | Type | Confidence |
---|---|---|---|---|
1 | File | .encfs6.xml | predictive | Medium |
2 | File | .htaccess | predictive | Medium |
3 | File | /admin/admin_manage/delete | predictive | High |
4 | File | /admin/video/list | predictive | High |
5 | File | /adminlogin.asp | predictive | High |
6 | File | /cgi-bin/supervisor/CloudSetup.cgi | predictive | High |
7 | File | /dl/dl_sendmail.php | predictive | High |
8 | File | /drivers/net/ethernet/broadcom/tg3.c | predictive | High |
9 | File | /etc/passwd | predictive | Medium |
10 | File | /etc/qci/answers | predictive | High |
11 | File | /forms/nslookupHandler | predictive | High |
12 | File | /forum/away.php | predictive | High |
13 | File | /function/booksave.php | predictive | High |
14 | File | /goform/form2userconfig.cgi | predictive | High |
15 | File | /gracemedia-media-player/templates/files/ajax_controller.php | predictive | High |
16 | File | /inc/campaign/campaign-delete.php | predictive | High |
17 | File | /sgmi/ | predictive | Low |
18 | File | /tmp | predictive | Low |
19 | File | /uncpath/ | predictive | Medium |
20 | File | /usr/lib/print/conv_fix | predictive | High |
21 | File | /wp-content/plugins/woocommerce/templates/emails/plain/ | predictive | High |
22 | File | adclick.php | predictive | Medium |
23 | File | add_comment.php | predictive | High |
24 | File | admin.php | predictive | Medium |
25 | File | admin.php?page=languages | predictive | High |
26 | File | admin/controllers/Albumsgalleries.php | predictive | High |
27 | File | admin/plugin.php | predictive | High |
28 | File | admin\addgroup.php | predictive | High |
29 | File | agents.php | predictive | Medium |
30 | File | api_poller.php | predictive | High |
31 | File | xxx/xxxx/xxxxxx/xxxxxxxxxxxxx.xxx | predictive | High |
32 | File | xxxxxx/xxxxxxxxx.xx | predictive | High |
33 | File | xxxx_xxxxxxxxxxxxxx.xxx | predictive | High |
34 | File | xxxx_xxxxxxx.xxx | predictive | High |
35 | File | xxxx/xxxxxxxxx.xxx | predictive | High |
36 | File | xxxxxx.x | predictive | Medium |
37 | File | xxxx.x | predictive | Low |
38 | File | xxxxx/xxxx.x | predictive | Medium |
39 | File | xxxx.x | predictive | Low |
40 | File | xxx.x | predictive | Low |
41 | File | x:\xxxxxxx\ | predictive | Medium |
42 | File | xxxx.xxx | predictive | Medium |
43 | File | xxx-xxx/xxxxxxxx.xxx | predictive | High |
44 | File | xxxxxx_xxxxxxx_xxxxxxx.xxx | predictive | High |
45 | File | xxxxxxxxxxxx.xxx | predictive | High |
46 | File | xxxxxx/xxx.x | predictive | Medium |
47 | File | xxxxxxxxxxxxxxxxxxxxxxxx.xxxxxxxx_x | predictive | High |
48 | File | xxxxxx/xxxxxxxxxxx.xx | predictive | High |
49 | File | xxxxxxxxxx | predictive | Medium |
50 | File | xxxxxxx.xxx | predictive | Medium |
51 | File | xxxx/xxx/xxxxxxxxxxxxx.xxx | predictive | High |
52 | File | xxxx/xxxxxxx/xxxxxxxxxxxxxx.xxx | predictive | High |
53 | File | xx-xxxxx.x | predictive | Medium |
54 | File | xxx.x | predictive | Low |
55 | File | xxxx/xxxx-xxxxxxx.x | predictive | High |
56 | File | xxxx/xxx-xxxxxxx.x | predictive | High |
57 | File | xxxx/xxx.x | predictive | Medium |
58 | File | xxxxx.xxxx | predictive | Medium |
59 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
60 | File | xxxxxx.x | predictive | Medium |
61 | File | xxxxxxxxxxx.xxx | predictive | High |
62 | File | xxxxxx.xxx | predictive | Medium |
63 | File | xxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
64 | File | xxxxxxx.xx | predictive | Medium |
65 | File | xxx/xxxxxx/xxxxxx/xxxxxxxxxxx/xxx.xxx | predictive | High |
66 | File | xxx\xxxxxx\xxxxxx\xxxxxxxxxxx\xxxxx\xxxxxxx.xxx | predictive | High |
67 | File | xxxxxxxxxxxxxx.xxx | predictive | High |
68 | File | xxx_xxxxxxx.x | predictive | High |
69 | File | xxxx_xxxxxx.x | predictive | High |
70 | File | xxxxx.xxx | predictive | Medium |
71 | File | xxx-xxxx-/xxxxxx.xxx | predictive | High |
72 | File | xxx-xxxx/xxx_xxxxxxxx.xxx | predictive | High |
73 | File | xxxx/xxxxxxxxxx/xxxxxx-xxxxxx.x | predictive | High |
74 | File | xxxxxx_xxx.xxx | predictive | High |
75 | File | xxxxx/xxxxx_xxxxx_x | predictive | High |
76 | File | xx/xxxxxx_xxxxx.x | predictive | High |
77 | File | xxxxxx.x | predictive | Medium |
78 | File | xxxx/xxxxx.x | predictive | Medium |
79 | File | xxxxxxx/xxxxxxxxxxxxxx | predictive | High |
80 | File | xxxxxx_xxxxxx_xxxx.xxx | predictive | High |
81 | File | xxxxxx/xxxxxxx/xxxx.xxx | predictive | High |
82 | File | xxxxxxxxx.xxx | predictive | High |
83 | File | xxxxxxxxxxxx.xxx | predictive | High |
84 | File | xxx/xxxxxx.xxx | predictive | High |
85 | File | xxxxxxx/xxxxxxx/xxxxxxxx.xxx.xxx | predictive | High |
86 | File | xxxxxxxx/xxxxx-xxxxxxxxx.xxx | predictive | High |
87 | File | xxxxx.xxx | predictive | Medium |
88 | File | xxxxxxx/xxxx_xxxxxxxxxx.xxx | predictive | High |
89 | File | xxxx_xxxx.xxx | predictive | High |
90 | File | xx/xxx.xx | predictive | Medium |
91 | File | xxxxxx/xxx/xxxxxxxx.x | predictive | High |
92 | File | xxxxxx/xxxxx.x | predictive | High |
93 | File | xxxxxxxxx | predictive | Medium |
94 | File | xxxxxxxxxxx/xxxxx.x | predictive | High |
95 | File | xxxxxx/xxxxxx.x | predictive | High |
96 | File | xxxxx.xxxx | predictive | Medium |
97 | File | xxxxxx/xxxxxx.x | predictive | High |
98 | File | xxxxxx-xxxxxxx.xxx | predictive | High |
99 | File | xxxxxx.xxx | predictive | Medium |
100 | File | xxxxxxx/xxx.xxx | predictive | High |
101 | File | xxxxxxxxxxxxxxxxxxxx.xx | predictive | High |
102 | File | xxx.x | predictive | Low |
103 | File | xxxxx_xxxxxxx_xx | predictive | High |
104 | File | xxx/xxxx/xxxx_xxxxxxxxxx_xxxx.x | predictive | High |
105 | File | xxx/xxxxxx/xxx.x | predictive | High |
106 | File | xxx/xxxxxxxxxx/xxxxxxxxx_xxx.xx | predictive | High |
107 | File | xxx/xxx/xx_xxx.x | predictive | High |
108 | File | xxx.xxx | predictive | Low |
109 | File | xx.xx | predictive | Low |
110 | File | xxxx.xxx | predictive | Medium |
111 | File | xxx/xxx-xxxxx.x | predictive | High |
112 | File | xxx/xxx-xxxx.x | predictive | High |
113 | File | xxxx.xxx | predictive | Medium |
114 | File | xxxxx/xxxxx.xxx | predictive | High |
115 | File | xxxxx-x.xxx | predictive | Medium |
116 | File | xxxxxxxxxxxxxxxxxx.xxx | predictive | High |
117 | File | xxxxxxx/xxx/xxxxxxx/xxxxxx/xxxx-xxxxxxxxxx/<xxxxxx>/xx.xxx | predictive | High |
118 | File | xxxxxxx.xxx | predictive | Medium |
119 | File | xxxx.xxx | predictive | Medium |
120 | File | xxxxx.x | predictive | Low |
121 | File | xxxxxx.xxx | predictive | Medium |
122 | File | xxxxxxxxxxx.x | predictive | High |
123 | File | xxxxxxxx.xxx | predictive | Medium |
124 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High |
125 | File | xxx_xxx.x | predictive | Medium |
126 | File | xxxxxx/xxxxx/xxx.x | predictive | High |
127 | File | xxx.xxx | predictive | Low |
128 | File | xxxxxxxxx/xxx.x | predictive | High |
129 | File | xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
130 | File | xxx_xxxxxx.x | predictive | Medium |
131 | File | xxxxxxxx.xxx | predictive | Medium |
132 | File | xxxxx/xxxxxxx.xxx | predictive | High |
133 | File | xxxx.xxx | predictive | Medium |
134 | File | xxxxxxx.xxx | predictive | Medium |
135 | File | xxx/xxxxxx.x | predictive | Medium |
136 | File | xxx/xxx/xxxxxx.xxx | predictive | High |
137 | File | xxx/xxxxxxxxxxxxxxxx/xxxxx.xxxxxxxxxxxxxxxxxx._xxxxxxxxxxxx | predictive | High |
138 | File | xxxxxxxx.xxx | predictive | Medium |
139 | File | xxxxxx.x | predictive | Medium |
140 | File | xxx/xxxxxxx.x | predictive | High |
141 | File | xxxxxxx/xxxxx/xxxxxxxxxxx.x | predictive | High |
142 | File | xxxxxx.xxx | predictive | Medium |
143 | File | xxxx.xxx | predictive | Medium |
144 | File | xxxxxxxxx.xxxx.xx | predictive | High |
145 | File | xxxx.xxx | predictive | Medium |
146 | File | xxxxx/xxxxxx/xxxxx.x | predictive | High |
147 | File | xxxxxxxxx | predictive | Medium |
148 | File | xxxxxxxxxx.xxxx | predictive | High |
149 | File | xxxxxx_xxxxxxxxxxxxx_xxxx.xxx | predictive | High |
150 | File | xxxxxxxxx.xxx | predictive | High |
151 | File | xxxx_xxxx.xxx | predictive | High |
152 | File | xxxxxx.xxx | predictive | Medium |
153 | File | xxxxxxx/xxxxxx/_xxxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High |
154 | File | xx-xxxxxxxx/xxxx.xxx | predictive | High |
155 | File | xxx xxxxxxx | predictive | Medium |
156 | File | ~/xxxxxxx/xxxxxxx/xxxxxxxxxxxx.xxx | predictive | High |
157 | File | ~/xxxxxxxx/xxxxx-xx-xxxxxxxxxx-xxxx.xxx | predictive | High |
158 | File | ~/xxxxxxxx/xxxxxxxx/xxxxxx/xxxx/xxxx/xxxxxxxx.xxx | predictive | High |
159 | Library | /xxx/xxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High |
160 | Library | x:\xxxxxxx\xxxxxxxx\xxxxxxxxxxx\xxxxxxxxxxxxxx\xxxxxxxx.xxx_xxxxx_xxxxxxxxxxxxxxxx\xxxxx\xxxxxxxxxxx.xxx | predictive | High |
161 | Library | xxxx/xxx/xxxxxxx/xxxx.x | predictive | High |
162 | Library | xxxxx/xxx/xxxxxxxx.x | predictive | High |
163 | Library | xxx/xxx.xxxxxx.xxx | predictive | High |
164 | Library | xxxxxxxx.xxx | predictive | Medium |
165 | Library | xxxxxxxx.xxx | predictive | Medium |
166 | Library | xxxxxx.xxx | predictive | Medium |
167 | Library | xxxxxxx.xxx | predictive | Medium |
168 | Library | xxx/xxx/xxxx/ | predictive | High |
169 | Argument | $xxxxx['xxxxxxx']['xxxxxxxx'] | predictive | High |
170 | Argument | $_xxxxxx["xxx_xxxx"] | predictive | High |
171 | Argument | --xxxxxx/--xxxxxxxx | predictive | High |
172 | Argument | -x/--xxxxxx-xxx/--xxx | predictive | High |
173 | Argument | xxxxx_xx | predictive | Medium |
174 | Argument | xxxx xxxxxx | predictive | Medium |
175 | Argument | xxxxxxxx | predictive | Medium |
176 | Argument | xxxxxxxxxxxxx | predictive | High |
177 | Argument | xxx | predictive | Low |
178 | Argument | xxxxx | predictive | Low |
179 | Argument | xxx | predictive | Low |
180 | Argument | xxxxxxxxxxxx | predictive | Medium |
181 | Argument | xxxx_xx | predictive | Low |
182 | Argument | xxxxxx xxxx | predictive | Medium |
183 | Argument | xxxx | predictive | Low |
184 | Argument | xxxxxxx_xxxx_xxxx | predictive | High |
185 | Argument | xxxx xx | predictive | Low |
186 | Argument | xxxx | predictive | Low |
187 | Argument | xx | predictive | Low |
188 | Argument | xxxxxxxxxxx | predictive | Medium |
189 | Argument | xxxx | predictive | Low |
190 | Argument | xxx_xxxxxxxxx | predictive | High |
191 | Argument | xxxxxxxxxx | predictive | Medium |
192 | Argument | xxx | predictive | Low |
193 | Argument | xxxxxxx | predictive | Low |
194 | Argument | xxxxxxx:xxxxxxxx | predictive | High |
195 | Argument | xxxx | predictive | Low |
196 | Argument | xxxxxxxx=x | predictive | Medium |
197 | Argument | xxxxxx | predictive | Low |
198 | Argument | xxxxxxx | predictive | Low |
199 | Argument | xxxxxxxxxxx/xxxxxxxxxxx | predictive | High |
200 | Argument | xxxxxxxx | predictive | Medium |
201 | Argument | xxxxxx.xxxx/xxxxxx.xxxxx/xxxxxx.xxxxxx/xxx.xxxx/xxx.xxxxxxx | predictive | High |
202 | Argument | xx | predictive | Low |
203 | Argument | xxxxx | predictive | Low |
204 | Argument | xxxxxxx_xxxx | predictive | Medium |
205 | Argument | xxxx | predictive | Low |
206 | Argument | xxxx_xx | predictive | Low |
207 | Argument | xxxxxxxx | predictive | Medium |
208 | Argument | xxxxxxx | predictive | Low |
209 | Argument | xxxx | predictive | Low |
210 | Argument | xxxxxxxx.xxxx | predictive | High |
211 | Argument | xxxxxxxx | predictive | Medium |
212 | Argument | xxxx | predictive | Low |
213 | Argument | xxxxxx | predictive | Low |
214 | Argument | xxx | predictive | Low |
215 | Argument | xxxx | predictive | Low |
216 | Argument | xxxxxxxxxxxxxx | predictive | High |
217 | Argument | xxxxxx | predictive | Low |
218 | Argument | xxxx/xxx | predictive | Medium |
219 | Argument | xxxxxxxxxxxxx | predictive | High |
220 | Argument | xxx_xxxx | predictive | Medium |
221 | Argument | xxxxxxx | predictive | Low |
222 | Argument | xxxxx_xxxxxx | predictive | Medium |
223 | Argument | xxxxxxxx | predictive | Medium |
224 | Argument | xxx | predictive | Low |
225 | Argument | xxxx | predictive | Low |
226 | Argument | xxxxxxxxxx | predictive | Medium |
227 | Argument | xxxxxxxxx | predictive | Medium |
228 | Argument | xxx | predictive | Low |
229 | Argument | xxxx | predictive | Low |
230 | Argument | xxxxxxxxxxx | predictive | Medium |
231 | Argument | xxxx xxxx xx | predictive | Medium |
232 | Argument | xxxxx | predictive | Low |
233 | Argument | xxxxxxxxx/xxxxxxx | predictive | High |
234 | Argument | xxxxxxxxxx | predictive | Medium |
235 | Argument | xxxxxxxxxx | predictive | Medium |
236 | Argument | xx_xxxx | predictive | Low |
237 | Argument | xxxxxx | predictive | Low |
238 | Argument | xxxxx | predictive | Low |
239 | Argument | xxxx | predictive | Low |
240 | Argument | xxx | predictive | Low |
241 | Argument | xxxxxxx | predictive | Low |
242 | Argument | xxxx-xxxxx | predictive | Medium |
243 | Argument | xxxxxxxx | predictive | Medium |
244 | Argument | xxxxxxxx | predictive | Medium |
245 | Argument | xxxxxxxx/xxxxxxxx | predictive | High |
246 | Argument | xxxx->xxxxxxx | predictive | High |
247 | Argument | xxx | predictive | Low |
248 | Argument | _xxxxx_xxxxxxx_xxxxxxxxx_xxxxxxx-xxx | predictive | High |
249 | Input Value | %xx%xx | predictive | Low |
250 | Input Value | %xx/xxxxxx%xx%xxxxxxxx%xxxxxxx%xxx%xx%xx%xx/xxxxxx%xx | predictive | High |
251 | Input Value | %xxxxxxxx%xxxxxxx%xxxxxxxx.xxxxxxxxxxxx%xxxxx,%xxxxx,%xxxxx%xx%xx%xx/xxxxxx%xx | predictive | High |
252 | Input Value | %xxxxxxxx%xxxxxxx%xxx%xx%xx/xxxxxx%xx | predictive | High |
253 | Input Value | 'xx''=' | predictive | Low |
254 | Input Value | ../../xxx/xx_xxxxxx_xxx%xx | predictive | High |
255 | Input Value | /%xx | predictive | Low |
256 | Input Value | xxxxxxxxxxxxxxxx | predictive | High |
257 | Input Value | xxxxxxxx.xxx%xx | predictive | High |
258 | Input Value | xxxx://xxx.xxxxxx.xxx | predictive | High |
259 | Input Value | xxx: | predictive | Low |
260 | Input Value | xx-xxxx:// | predictive | Medium |
261 | Input Value | xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%xxxx%xx%xx | predictive | High |
262 | Input Value | xx | predictive | Low |
263 | Input Value | |xxx${xxx} | predictive | Medium |
264 | Pattern | /xxxxxxxxxxx.xxx | predictive | High |
265 | Pattern | /xxxxx/xxxxxxxxxxxxx.xxx | predictive | High |
266 | Pattern | xxxxxxx-xxxx|xx| | predictive | High |
267 | Network Port | xxx/xxxx (xxxxx) | predictive | High |
268 | Network Port | xxx/xxxx | predictive | Medium |
References (7)
The following list contains external sources which discuss the actor and the associated activities:
- https://github.com/vuldb/cyber_threat_intelligence/tree/main/actors/Molerats
- https://securelist.com/gaza-cybergang-group1-operation-sneakypastes/90068/
- https://unit42.paloaltonetworks.com/molerats-delivers-spark-backdoor/
- https://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.2016_TLP_White.pdf
- https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html
- https://www.proofpoint.com/us/blog/threat-insight/new-ta402-molerats-malware-targets-governments-middle-east
- https://www.zscaler.com/blogs/security-research/new-espionage-attack-molerats-apt-targeting-users-middle-east