Molerats is a politically-motivated threat group that has been operating since 2012. The group's victims have primarily been in the Middle East, Europe, and the United States. (Citation: DustySky) (Citation: DustySky2)
| Platform | Tactic | Technique | Description | Data Sources |
|---|---|---|---|---|
| Windows, Linux, macOS | credential-access | Credential Dumping | Molerats used the public tool BrowserPasswordDump10 to dump passwords saved in browsers on victims. | API monitoring, Process monitoring, PowerShell logs, Process command-line parameters |
| Linux, macOS, Windows | discovery | Process Discovery | Molerats actors obtained a list of active processes on the victim and sent them to C2 servers. | Process monitoring, Process command-line parameters |
| macOS, Windows | defense-evasion | Code Signing | Molerats has used forged Microsoft code-signing certificates on malware. | Binary file metadata |