| SYMBOL | COMMON_NAME | aka. SYNONYMS |
In October 2012, malware attacks against Israeli government targets grabbed media attention as officials temporarily cut off Internet access for its entire police force and banned the use of USB memory sticks. Security researchers subsequently linked these attacks to a broader, yearlong campaign that targeted not just Israelis but Palestinians as well. and as discovered later, even the U.S. and UK governments. Further research revealed a connection between these attacks and members of the so-called “Gaza Hackers Team.” We refer to this campaign as “Molerats.”
| 2023-12-14
⋅
SentinelOne
⋅
Gaza Cybergang | Unified Front Targeting Hamas Opposition BarbWire Micropsia Pierogi AridViper |
| 2023-11-22
⋅
Twitter (@embee_research)
⋅
Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples) BianLian Xtreme RAT NjRAT QakBot RedLine Stealer Remcos |
| 2022-11-30
⋅
⋅
FFRI Security
⋅
Evolution of the PlugX loader PlugX Poison Ivy |
| 2022-08-22
⋅
Fortinet
⋅
A Tale of PivNoxy and Chinoxy Puppeteer Chinoxy Poison Ivy |
| 2022-07-31
⋅
BushidoToken Blog
⋅
Space Invaders: Cyber Threats That Are Out Of This World Poison Ivy Raindrop SUNBURST TEARDROP WastedLocker |
| 2022-07-18
⋅
Palo Alto Networks Unit 42
⋅
Crawling Taurus Poison Ivy APT20 |
| 2022-07-18
⋅
Palo Alto Networks Unit 42
⋅
Shallow Taurus FormerFirstRAT IsSpace NewCT PlugX Poison Ivy Tidepool DragonOK |
| 2022-05-17
⋅
Positive Technologies
⋅
Space Pirates: analyzing the tools and connections of a new hacker group FormerFirstRAT PlugX Poison Ivy Rovnix ShadowPad Zupdax |
| 2022-05-16
⋅
JPCERT/CC
⋅
Analysis of HUI Loader HUI Loader PlugX Poison Ivy Quasar RAT |
| 2022-02-08
⋅
Proofpoint
⋅
Ugg Boots 4 Sale: A Tale of Palestinian-Aligned Espionage BrittleBush NimbleMamba TA402 |
| 2022-02-08
⋅
The Hacker News
⋅
Palestinian Hackers Use New NimbleMamba Implant in Recent Attacks NimbleMamba |
| 2022-01-20
⋅
Zscaler
⋅
New espionage attack by Molerats APT targeting users in the Middle East Spark |
| 2021-07-06
⋅
0ffset Blog
⋅
New TA402/MOLERATS Malware – Decrypting .NET Reactor Strings SharpStage |
| 2021-06-17
⋅
Proofpoint
⋅
New TA402 Molerats Malware Targets Governments in the Middle East Molerat Loader |
| 2021-06-16
⋅
Recorded Future
⋅
Threat Activity Group RedFoxtrot Linked to China’s PLA Unit 69010; Targets Bordering Asian Countries Icefog PcShare PlugX Poison Ivy QuickHeal DAGGER PANDA |
| 2021-03-17
⋅
Recorded Future
⋅
China-linked TA428 Continues to Target Russia and Mongolia IT Companies PlugX Poison Ivy TA428 |
| 2021-02-01
⋅
ESET Research
⋅
Operation NightScout: Supply‑chain attack targets online gaming in Asia Ghost RAT NoxPlayer Poison Ivy Red Dev 17 |
| 2021-01-15
⋅
Swisscom
⋅
Cracking a Soft Cell is Harder Than You Think Ghost RAT MimiKatz PlugX Poison Ivy Trochilus RAT |
| 2021-01-08
⋅
Youtube (Virus Bulletin)
⋅
Operation LagTime IT: colourful Panda footprint Cotx RAT nccTrojan Poison Ivy Tmanger TA428 |
| 2020-12-13
⋅
SlideShare (ChiEnAshleyShen)
⋅
From ThreatHunting to Campaign Tracking Xtreme RAT |
| 2020-12-09
⋅
Cybereason
⋅
MOLERATS IN THE CLOUD: New Malware Arsenal Abuses Cloud Platforms in Middle East Espionage Campaign DropBook JhoneRAT Molerat Loader Pierogi Quasar RAT SharpStage Spark |
| 2020-12-09
⋅
Cybereason
⋅
New Malware Arsenal Abusing Cloud Platforms in Middle East Espionage Campaign DropBook MoleNet Quasar RAT SharpStage Spark |
| 2020-10-30
⋅
YouTube (Kaspersky Tech)
⋅
Around the world in 80 days 4.2bn packets Cobalt Strike Derusbi HyperBro Poison Ivy ShadowPad Winnti |
| 2020-10-26
⋅
⋅
360 Core Security
⋅
北非狐(APT-C-44)攻击活动揭露 Xtreme RAT Houdini NjRAT Revenge RAT |
| 2020-10-01
⋅
US-CERT
⋅
Alert (AA20-275A): Potential for China Cyber Response to Heightened U.S.-China Tensions CHINACHOPPER Cobalt Strike Empire Downloader MimiKatz Poison Ivy |
| 2020-09-30
⋅
NTT Security
⋅
Operation LagTime IT: colourful Panda footprint (Slides) Cotx RAT nccTrojan Poison Ivy Tmanger |
| 2020-09-30
⋅
NTT Security
⋅
Operation LagTime IT: colourful Panda footprint Cotx RAT nccTrojan Poison Ivy Tmanger |
| 2020-09-16
⋅
RiskIQ
⋅
RiskIQ: Adventures in Cookie Land - Part 2 8.t Dropper Chinoxy Poison Ivy |
| 2020-08-28
⋅
NTT
⋅
Operation Lagtime IT: Colourful Panda Footprint Cotx RAT Poison Ivy TA428 |
| 2020-08-19
⋅
NTT Security
⋅
Operation LagTime IT: Colorful Panda Footprint 8.t Dropper Cotx RAT Poison Ivy TA428 |
| 2020-07-14
⋅
ESET Research
⋅
Welcome Chat as a secure messaging app? Nothing could be further from the truth BadPatch |
| 2020-03-12
⋅
Check Point
⋅
Vicious Panda: The COVID Campaign 8.t Dropper BYEBY Enfal Korlia Poison Ivy |
| 2020-03-03
⋅
Palo Alto Networks Unit 42
⋅
Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations Downeks JhoneRAT Molerat Loader Spark |
| 2020-03-02
⋅
Virus Bulletin
⋅
Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation-state adversary HenBox Farseer PlugX Poison Ivy |
| 2020-02-13
⋅
Cybereason
⋅
New Cyber Espionage Campaigns Targeting Palestinians - Part 2: The Discovery of the New, Mysterious Pierogi Backdoor Pierogi |
| 2020-02-13
⋅
Cybereason
⋅
New Cyber Espionage Campaigns Targeting Palestinians - Part 1: The Spark Campaign Spark |
| 2020-01-29
⋅
nao_sec blog
⋅
An Overhead View of the Royal Road BLACKCOFFEE Cotx RAT Datper DDKONG Derusbi Icefog Korlia NewCore RAT PLAINTEE Poison Ivy Sisfader |
| 2020-01-09
⋅
Lab52
⋅
TA428 Group abusing recent conflict between Iran and USA Poison Ivy |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE KEYSTONE 9002 RAT BLACKCOFFEE DeputyDog Derusbi HiKit PlugX Poison Ivy ZXShell APT17 |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE UNION 9002 RAT CHINACHOPPER Enfal Ghost RAT HttpBrowser HyperBro owaauth PlugX Poison Ivy ZXShell APT27 |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE FIRESTONE 9002 RAT Derusbi Empire Downloader PlugX Poison Ivy APT19 |
| 2020-01-01
⋅
Secureworks
⋅
ALUMINUM SARATOGA BlackShades DarkComet Xtreme RAT Poison Ivy Quasar RAT Molerats |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE RIVERSIDE Anel ChChes Cobalt Strike PlugX Poison Ivy Quasar RAT RedLeaves APT10 |
| 2019-12-12
⋅
Microsoft
⋅
GALLIUM: Targeting global telecom CHINACHOPPER Ghost RAT HTran MimiKatz Poison Ivy GALLIUM |
| 2019-11-19
⋅
FireEye
⋅
Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions MESSAGETAP TSCookie ACEHASH CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT HIGHNOON HTran MimiKatz NetWire RC POISONPLUG Poison Ivy pupy Quasar RAT ZXShell |
| 2019-07-23
⋅
Proofpoint
⋅
Chinese APT “Operation LagTime IT” Targets Government Information Technology Agencies in Eastern Asia 8.t Dropper Cotx RAT Poison Ivy TA428 |
| 2019-06-25
⋅
Cybereason
⋅
OPERATION SOFT CELL: A WORLDWIDE CAMPAIGN AGAINST TELECOMMUNICATIONS PROVIDERS CHINACHOPPER HTran MimiKatz Poison Ivy Operation Soft Cell |
| 2019-04-10
⋅
Kaspersky Labs
⋅
The Gaza cybergang and its SneakyPastes campaign Molerats |
| 2019-02-14
⋅
⋅
360.cn
⋅
Suspected Molerats New Attack in the Middle East Molerats |
| 2019-02-14
⋅
奇安信威胁情报中心
⋅
Suspected Molerats' New Attack in the Middle East Molerats |
| 2019-01-01
⋅
MITRE
⋅
Group description: Molerats Molerats |
| 2019-01-01
⋅
Virus Bulletin
⋅
A vine climbing over the Great Firewall: A long-term attack against China Poison Ivy ZXShell |
| 2018-09-21
⋅
Qihoo 360 Technology
⋅
Poison Ivy Group and the Cyberespionage Campaign Against Chinese Military and Goverment Poison Ivy |
| 2018-05-15
⋅
BSides Detroit
⋅
IR in Heterogeneous Environment Korlia Poison Ivy |
| 2017-10-30
⋅
Kaspersky Labs
⋅
Gaza Cybergang – updated activity in 2017: Molerats |
| 2017-09-15
⋅
Fortinet
⋅
Deep Analysis of New Poison Ivy/PlugX Variant - Part II Poison Ivy |
| 2017-08-31
⋅
NCC Group
⋅
Analysing a recent Poison Ivy sample Poison Ivy |
| 2017-08-23
⋅
Fortinet
⋅
Deep Analysis of New Poison Ivy Variant Poison Ivy |
| 2017-08-02
⋅
RSA Link
⋅
Malspam delivers Xtreme RAT 8-1-2017 Xtreme RAT |
| 2017-05-31
⋅
MITRE
⋅
PittyTiger Enfal Ghost RAT MimiKatz Poison Ivy APT24 |
| 2017-03-14
⋅
ClearSky
⋅
Operation Electric Powder – Who is targeting Israel Electric Company? Molerat Loader |
| 2016-11-22
⋅
Palo Alto Networks Unit 42
⋅
Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy Poison Ivy |
| 2016-10-26
⋅
Unknown
⋅
Moonlight – Targeted attacks in the Middle East Houdini NjRAT Molerats |
| 2016-06-08
⋅
ClearSky
⋅
Operation DustySky Part 2 Molerats |
| 2016-04-26
⋅
Github (CyberMonitor)
⋅
New Poison Ivy Activity Targeting Myanmar, Asian Countries Poison Ivy |
| 2016-04-22
⋅
Palo Alto Networks Unit 42
⋅
New Poison Ivy RAT Variant Targets Hong Kong Pro-Democracy Activists Poison Ivy |
| 2016-01-01
⋅
ClearSky
⋅
Operation DustySky Molerats |
| 2015-12-08
⋅
The Citizenlab
⋅
Packrat: Seven Years of a South American Threat Actor AdWind Adzok CyberGate Xtreme RAT Packrat |
| 2015-12-03
⋅
Symantec
⋅
Colombians major target of email campaigns delivering Xtreme RAT Xtreme RAT |
| 2015-09-28
⋅
Kaspersky Labs
⋅
Gaza cybergang, where’s your IR team? Molerats |
| 2015-04-27
⋅
PWC
⋅
Attacks against Israeli & Palestinian interests Molerats |
| 2015-02-06
⋅
CrowdStrike
⋅
CrowdStrike Global Threat Intel Report 2014 BlackPOS CryptoLocker Derusbi Elise Enfal EvilGrab Gameover P2P HttpBrowser Medusa Mirage Naikon NetTraveler pirpi PlugX Poison Ivy Sakula RAT Sinowal sykipot taidoor |
| 2014-09-19
⋅
Palo Alto Networks Unit 42
⋅
Recent Watering Hole Attacks Attributed to APT Group “th3bug” Using Poison Ivy Poison Ivy |
| 2014-06-02
⋅
FireEye
⋅
Molerats, Here for Spring! Molerats |
| 2014-02-19
⋅
FireEye
⋅
XtremeRAT: Nuisance or Threat? Xtreme RAT |
| 2014-01-01
⋅
FireEye
⋅
Operation Quantum Entanglement IsSpace NewCT Poison Ivy SysGet |
| 2013-10-31
⋅
FireEye
⋅
Know Your Enemy: Tracking A Rapidly Evolving APT Actor Bozok Poison Ivy TEMPER PANDA |
| 2013-08-23
⋅
FireEye
⋅
Operation Molerats: Middle East Cyber Attacks Using Poison Ivy Poison Ivy Molerats |
| 2012-07-22
⋅
Malware.lu
⋅
Xtreme RAT analysis Xtreme RAT |
| 2012-01-13
⋅
Middle East Online
⋅
Cyber war: 'Gaza hackers' deface Israel fire service website Molerats |
| 2011-01-01
⋅
Symantec
⋅
The Nitro Attacks: Stealing Secrets from the Chemical Industry Poison Ivy Nitro |
| 2010-01-01
⋅
Mandiant
⋅
State of Malware: Family Ties Bredolab Conficker Cutwail KoobFace Oderoor Poison Ivy Rustock Sinowal Szribi Zeus |