Skip to content

Hide Navigation Hide TOC

Molerats (f7c2e501-73b1-400f-a5d9-2e2e07b7dfde)

In October 2012, malware attacks against Israeli government targets grabbed media attention as officials temporarily cut off Internet access for its entire police force and banned the use of USB memory sticks. Security researchers subsequently linked these attacks to a broader, yearlong campaign that targeted not just Israelis but Palestinians as well. and as discovered later, even the U.S. and UK governments. Further research revealed a connection between these attacks and members of the so-called “Gaza Hackers Team.” We refer to this campaign as “Molerats.”

Cluster A Galaxy A Cluster B Galaxy B Level
Molerats (f7c2e501-73b1-400f-a5d9-2e2e07b7dfde) Threat Actor Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set 1
SharpStage - S0546 (0ba9281c-93fa-4b29-8e9e-7ef918c7b13a) Malware Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set 2
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set 2
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set 2
DropBook - S0547 (3ae6097d-d700-46c6-8b21-42fc0bcb48fa) Malware Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set 2
Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set 2
Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3) Attack Pattern 2
Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336) Attack Pattern Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set 2
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set 2
Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set 2
Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set Spark - S0543 (03ea629c-517a-41e3-94f8-c7e5368cf8f4) Malware 2
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set 2
DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set 2
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set 2
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set 2
Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern 2
Molerats - G0021 (df71bb3b-813c-45eb-a8bc-f2a419837411) Intrusion Set MoleNet - S0553 (8a59f456-79a0-4151-9f56-9b1a67332af2) Malware 2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern SharpStage - S0546 (0ba9281c-93fa-4b29-8e9e-7ef918c7b13a) Malware 3
SharpStage - S0546 (0ba9281c-93fa-4b29-8e9e-7ef918c7b13a) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern SharpStage - S0546 (0ba9281c-93fa-4b29-8e9e-7ef918c7b13a) Malware 3
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern SharpStage - S0546 (0ba9281c-93fa-4b29-8e9e-7ef918c7b13a) Malware 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern SharpStage - S0546 (0ba9281c-93fa-4b29-8e9e-7ef918c7b13a) Malware 3
SharpStage - S0546 (0ba9281c-93fa-4b29-8e9e-7ef918c7b13a) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern SharpStage - S0546 (0ba9281c-93fa-4b29-8e9e-7ef918c7b13a) Malware 3
SharpStage - S0546 (0ba9281c-93fa-4b29-8e9e-7ef918c7b13a) Malware PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern 3
SharpStage - S0546 (0ba9281c-93fa-4b29-8e9e-7ef918c7b13a) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
SharpStage - S0546 (0ba9281c-93fa-4b29-8e9e-7ef918c7b13a) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
SharpStage - S0546 (0ba9281c-93fa-4b29-8e9e-7ef918c7b13a) Malware System Language Discovery - T1614.001 (c1b68a96-3c48-49ea-a6c0-9b27359f9c19) Attack Pattern 3
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern DropBook - S0547 (3ae6097d-d700-46c6-8b21-42fc0bcb48fa) Malware 3
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern DropBook - S0547 (3ae6097d-d700-46c6-8b21-42fc0bcb48fa) Malware 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern DropBook - S0547 (3ae6097d-d700-46c6-8b21-42fc0bcb48fa) Malware 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern DropBook - S0547 (3ae6097d-d700-46c6-8b21-42fc0bcb48fa) Malware 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern DropBook - S0547 (3ae6097d-d700-46c6-8b21-42fc0bcb48fa) Malware 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern DropBook - S0547 (3ae6097d-d700-46c6-8b21-42fc0bcb48fa) Malware 3
DropBook - S0547 (3ae6097d-d700-46c6-8b21-42fc0bcb48fa) Malware Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) Attack Pattern 3
DropBook - S0547 (3ae6097d-d700-46c6-8b21-42fc0bcb48fa) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
DropBook - S0547 (3ae6097d-d700-46c6-8b21-42fc0bcb48fa) Malware System Language Discovery - T1614.001 (c1b68a96-3c48-49ea-a6c0-9b27359f9c19) Attack Pattern 3
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Compression - T1027.015 (fbd91bfc-75c2-4f0c-8116-3b4e722906b3) Attack Pattern 3
Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 3
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern 3
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Link - T1566.002 (2b742742-28c3-4e1b-bab7-8350d6300fa7) Attack Pattern 3
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
User Activity Based Checks - T1497.002 (91541e7e-b969-40c6-bbd8-1b5352ec2938) Attack Pattern Spark - S0543 (03ea629c-517a-41e3-94f8-c7e5368cf8f4) Malware 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Spark - S0543 (03ea629c-517a-41e3-94f8-c7e5368cf8f4) Malware 3
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Spark - S0543 (03ea629c-517a-41e3-94f8-c7e5368cf8f4) Malware 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Spark - S0543 (03ea629c-517a-41e3-94f8-c7e5368cf8f4) Malware 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Spark - S0543 (03ea629c-517a-41e3-94f8-c7e5368cf8f4) Malware 3
Spark - S0543 (03ea629c-517a-41e3-94f8-c7e5368cf8f4) Malware Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 3
Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern Spark - S0543 (03ea629c-517a-41e3-94f8-c7e5368cf8f4) Malware 3
Spark - S0543 (03ea629c-517a-41e3-94f8-c7e5368cf8f4) Malware System Language Discovery - T1614.001 (c1b68a96-3c48-49ea-a6c0-9b27359f9c19) Attack Pattern 3
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Spark - S0543 (03ea629c-517a-41e3-94f8-c7e5368cf8f4) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Spark - S0543 (03ea629c-517a-41e3-94f8-c7e5368cf8f4) Malware 3
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742) Attack Pattern 3
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 3
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware 3
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Poison Ivy (2abe89de-46dd-4dae-ae22-b49a593aff54) Tool 3
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Poison Ivy (7789fc1b-3cbc-4a1c-8ef0-8b06760f93e7) Malpedia 3
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 3
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 3
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern 3
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 3
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware PoisonIvy (4e104fef-8a2c-4679-b497-6e86d7d47db0) RAT 3
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Active Setup - T1547.014 (22522668-ddf6-470b-a027-9d6866679f67) Attack Pattern 3
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Application Window Discovery - T1010 (4ae4f953-fe58-4cc8-a327-33257e30a830) Attack Pattern 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware 3
poisonivy (e336aeba-b61a-44e0-a0df-cd52a5839db5) Tool PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware 3
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Rootkit - T1014 (0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b) Attack Pattern 3
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 3
PoisonIvy - S0012 (b42378e0-f147-496f-992a-26a49705395b) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 3
DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688) Attack Pattern 3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware 3
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware 3
DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 3
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware 3
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware 3
DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern 3
DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 3
Replication Through Removable Media - T1091 (3b744087-9945-4a6f-91e8-9dbceda417a4) Attack Pattern DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware 3
DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware 3
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware 3
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware 3
NeD Worm (eedcf785-d011-4e17-96c4-6ff39138ada0) Tool DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware 3
DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 3
DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware 3
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware 3
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern DustySky - S0062 (687c23e4-4e25-4ee7-a870-c5e002511f54) Malware 3
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 3
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 3
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) Attack Pattern Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) Attack Pattern 3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern MoleNet - S0553 (8a59f456-79a0-4151-9f56-9b1a67332af2) Malware 3
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern MoleNet - S0553 (8a59f456-79a0-4151-9f56-9b1a67332af2) Malware 3
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern MoleNet - S0553 (8a59f456-79a0-4151-9f56-9b1a67332af2) Malware 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern MoleNet - S0553 (8a59f456-79a0-4151-9f56-9b1a67332af2) Malware 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern MoleNet - S0553 (8a59f456-79a0-4151-9f56-9b1a67332af2) Malware 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern MoleNet - S0553 (8a59f456-79a0-4151-9f56-9b1a67332af2) Malware 3
MoleNet - S0553 (8a59f456-79a0-4151-9f56-9b1a67332af2) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 4
System Location Discovery - T1614 (c877e33f-1df6-40d6-b1e7-ce70f16f4979) Attack Pattern System Language Discovery - T1614.001 (c1b68a96-3c48-49ea-a6c0-9b27359f9c19) Attack Pattern 4
Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 4
User Activity Based Checks - T1497.002 (91541e7e-b969-40c6-bbd8-1b5352ec2938) Attack Pattern Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern 4
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) Attack Pattern 4
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern 4
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 4
Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742) Attack Pattern Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern 4
Poison Ivy (7789fc1b-3cbc-4a1c-8ef0-8b06760f93e7) Malpedia Poison Ivy (2abe89de-46dd-4dae-ae22-b49a593aff54) Tool 4
poisonivy (e336aeba-b61a-44e0-a0df-cd52a5839db5) Tool Poison Ivy (2abe89de-46dd-4dae-ae22-b49a593aff54) Tool 4
APT14 (c82c904f-b3b4-40a2-bf0d-008912953104) Threat Actor Poison Ivy (2abe89de-46dd-4dae-ae22-b49a593aff54) Tool 4
PoisonIvy (4e104fef-8a2c-4679-b497-6e86d7d47db0) RAT Poison Ivy (2abe89de-46dd-4dae-ae22-b49a593aff54) Tool 4
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 4
Local Data Staging - T1074.001 (1c34f7aa-9341-4a48-bfab-af22e51aca6c) Attack Pattern Data Staged - T1074 (7dd95ff6-712e-4056-9626-312ea4ab4c5e) Attack Pattern 4
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 4
Poison Ivy (7789fc1b-3cbc-4a1c-8ef0-8b06760f93e7) Malpedia PoisonIvy (4e104fef-8a2c-4679-b497-6e86d7d47db0) RAT 4
poisonivy (e336aeba-b61a-44e0-a0df-cd52a5839db5) Tool PoisonIvy (4e104fef-8a2c-4679-b497-6e86d7d47db0) RAT 4
APT14 (c82c904f-b3b4-40a2-bf0d-008912953104) Threat Actor PoisonIvy (4e104fef-8a2c-4679-b497-6e86d7d47db0) RAT 4
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Active Setup - T1547.014 (22522668-ddf6-470b-a027-9d6866679f67) Attack Pattern 4
Keylogging - T1056.001 (09a60ea3-a8d1-4ae5-976e-5783248b72a4) Attack Pattern Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) Attack Pattern 4
poisonivy (e336aeba-b61a-44e0-a0df-cd52a5839db5) Tool Poison Ivy (7789fc1b-3cbc-4a1c-8ef0-8b06760f93e7) Malpedia 4
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 4
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 4
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 4
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 4
APT14 (c82c904f-b3b4-40a2-bf0d-008912953104) Threat Actor Torn RAT (32a67552-3b31-47bb-8098-078099bbc813) Tool 5
APT14 (c82c904f-b3b4-40a2-bf0d-008912953104) Threat Actor Gh0st RAT (255a59a7-db2d-44fc-9ca9-5859b65817c3) RAT 5
APT14 (c82c904f-b3b4-40a2-bf0d-008912953104) Threat Actor Gh0st Rat (cb8c8253-4024-4cc9-8989-b4a5f95f6c2f) Tool 5
Gh0st RAT (255a59a7-db2d-44fc-9ca9-5859b65817c3) RAT Ghost RAT (225fa6cf-dc9c-4b86-873b-cdf1d9dd3738) Malpedia 6
APT43 (aac49b4e-74e9-49fa-84f9-e340cf8bafbc) Threat Actor Gh0st Rat (cb8c8253-4024-4cc9-8989-b4a5f95f6c2f) Tool 6