Molerats
· Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
· Source: The MITRE Corporation
Essential information
- Confidence: 100/100
- Published: 16/12/2025 19:39
- Modified: 27/03/2026 01:13
- Updated at: 27/03/2026 01:13
- Revoked: No
- Author / Source: The MITRE Corporation
- Resource level: —
- Primary motivation: —
- Related entities: 20 attack patterns (mitre), 17 malware, 2 sectors, 1 country, 37 indicators
Aliases
Operation Molerats, Gaza Cybergang
Description
[Molerats](https://attack.mitre.org/groups/G0021) is an Arabic-speaking, politically-motivated threat group that has been operating since 2012. The group's victims have primarily been in the Middle East, Europe, and the United States.(Citation: DustySky)(Citation: DustySky2)(Citation: Kaspersky MoleRATs April 2019)(Citation: Cybereason Molerats Dec 2020)
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Attack patterns (MITRE) (20)
- Compression (uses)
Malware (17)
- BarbWire (uses)
- Micropsia (uses)
- LastConn (uses)
- DustySky (uses)
- Big Bang (uses)
- WIRTE (uses)
- PyMicropsia (uses)
- Pierogi (uses)
- PoisonIvy (uses)
- DropBook (uses)
- Spark (uses)
- SharpStage (uses)
Sectors (2)
- Government (targets)
- Defense ministries (including the military) (targets)
Countries (1)
- Israel (targets)
Indicators (37)