Molerats
Aliases: Operation Molerats, Gaza Cybergang
Molerats is an Arabic-speaking, politically motivated threat group that has been operating since 2012. The group's victims have primarily been in the Middle East, Europe, and the United States.
ATT&CK techniques
T1218.007 Msiexec
T1204.001 Malicious Link
T1105 Ingress Tool Transfer
T1553.002 Code Signing
T1027.013 Encrypted/Encoded File
T1053.005 Scheduled Task
T1140 Deobfuscate/Decode Files or Information
T1566.001 Spearphishing Attachment
T1057 Process Discovery
T1566.002 Spearphishing Link
T1555.003 Credentials from Web Browsers
T1547.001 Registry Run Keys / Startup Folder
T1059.001 PowerShell
T1059.005 Visual Basic
T1059.007 JavaScript
T1204.002 Malicious File
T1059 Command and Scripting Interpreter
Correlated CTI and IR reports
TA402 Targets Middle East Entities with IronWind Malware (Proofpoint · direct source mapping)
The Israel-Hamas War: Cyber Domain State-Sponsored Activity of Interest (SentinelOne · actor reference)
Actor Deep Research Prompts (Israel Threat Actors CTI · explicit report mention)
Cyber Threat Intelligence Dossier: Iranian and Hamas-Aligned Operations Targeting Israeli and Allied Ecosystems (2023-2026) (Israel Threat Actors CTI · explicit report mention)
Defensive CTI Research on Threats to Israeli Government and Public-Sector Environments (Israel Threat Actors CTI · explicit report mention)
Israel Government Threat Actors CTI: Evidentiary Foundation Intake (Israel Threat Actors CTI · explicit report mention)
Ashen Lepus uses new AshTag malware suite (Unit 42 · downloaded report actor context)
Hamas-affiliated threat actor expands to disruptive activity (Check Point · downloaded report actor context)