Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: Exposing the MOLERaTS Cyber Threat Actor

Thursday, June 13, 2024

Exposing the MOLERaTS Cyber Threat Actor - An Analysis

Dear blog readers,

In this analysis I'll take an in-depth look inside the MOLERaTS cyber threat actor in terms of actionable intelligence and the gang's online and Internet-connected infrastructure.

Related URLs:

hxxp://bitly[.]com/1YRoIPX

hxxp://mafy[.]2waky[.]com

Related known responding IPs:

192[.]52[.]167[.]118

204[.]152[.]203[.]99

192[.]161[.]48[.]59

192[.]52[.]167[.]118

185[.]82[.]202[.]207

173[.]254[.]236[.]130

168[.]235[.]86[.]156

167[.]160[.]36[.]101

107[.]191[.]47[.]42

84[.]200[.]68[.]163

72[.]11[.]148[.]147

23[.]229[.]3[.]70

84[.]200[.]68[.]163

23[.]229[.]3[.]70

204[.]152[.]203[.]99

192[.]52[.]167[.]118

168[.]235[.]86[.]156

167[.]160[.]36[.]101

Related primary group's URLs:

hxxp://gaza-hacker[.]com

hxxp://hacker[.]ps

hxxp://gaza-hacker[.]net

hxxp://gaza-hack[.]org

hxxp://gaza-hack[.]info

hxxp://xhackerx[.]com

hxxp://gaza-hack[.]com

hxxp://gaza-Hackers[.]com

Personally identifiable email address account:

moayy2ad[.]hotmail.com

Related MD5s:

b1071ab4c3ef255c6ec95628744cfd3d

77d6e2068bb3367b1a46472b56063f10

Related C&Cs:

hxxp://mrayesh[.]blogspot[.]com

hxxp://education-support[.]space

hxxp://falcondefender[.]com

hxxp://support-update[.]ml

hxxp://such[.]market

Related known responding IPs:

84[.]200[.]68[.]163

23[.]229[.]3[.]70

204[.]152[.]203[.]99

192[.]52[.]167[.]118

168[.]235[.]86[.]156

167[.]160[.]36[.]101

Related MD5s:

59bab785127418972dda9da5571b73fd

07dae7dada9ec3fa22507dfa5921c993

4bd6a959cce13d1f5b5511a428e88c9c

2ba0e52b885cabfbcd88866ab4072f54

1d922e183418ac087933c526f7bd06c1

3ce39f8afce9463c6d90c00ce72edb86

77fd78042407a7318dba388da00700cc

Related C&C URLs:

hxxp://smail.otzo[.]com/W/Gfsdfsdfsrydkfpsdmfpsadsdfsdfsdfsdfdfsp.php

hxxp://smail.otzo[.]com/y/analysis--hezbollah.rar

hxxp://drive.google[.]com/uc?export=download&id=0B7XzN8DNbJKiQlFNRHdVTmpCd0U

hxxp://drive.google[.]com/uc?export=download&id=0BxaUrWGCqlWLMTQzMVFNOENIUFk

hxxp://drive.google[.]com/uc?export=download&id=0B7n4BFDObRocdm1uS2J4SWVUNWc

hxxp://drive.google[.]com/uc?export=download&id=0ByjYVMTYJB0saHlTalJ6ZWlWWGM

hxxp://support.mafy-koren[.]online/reg-update

hxxp://support.mafy-koren[.]online/UFeed.php

hxxp://may2008[.]dyndns[.]info

hxxp://menu[.]dyndns[.]biz

hxxp://flashsoft[.]no-ip[.]biz

hxxp://monagameel[.]chickenkiller[.]com

hxxp://hatamaya[.]chickenkiller[.]com

hxxp://powerhost[.]zapto[.]org

hxxp://helpme[.]no-ip[.]biz

hxxp://mjed10[.]no-ip[.]info

hxxp://good[.]zapto[.]org

hxxp://hint[.]zapto[.]org

hxxp://hint1[.]zapto[.]org

hxxp://natco1[.]no-ip[.]net

hxxp://natco2[.]no-ip[.]net

hxxp://natco3[.]no-ip[.]net

hxxp://natco4[.]no-ip[.]net

hxxp://loading[.]myftp[.]org

hxxp://skype[.]servemp3[.]com

hxxp://test[.]cable-modem[.]org

hxxp://idf[.]blogsite[.]org

hxxp://javaupdate[.]no-ip[.]info

hxxp://lokia[.]mine[.]nu

hxxp://hint-sms[.]com

hxxp://owner[.]no-ip[.]biz

hxxp://remoteback[.]no-ip[.]biz

hxxp://ramadi[.]no-ip[.]biz

Related MD5s:

A5DE87646EE943CD1F448A67FDBE2817

F982401E46864F640BCAEDC200319109

EC5B360F5FF6251A08A14A2E95C4CAA4

97576FA7A236679DBE3ABE1A4E852026

C1EC435E97A4A4C5585392D738B5879F

2559FE4EB88561138CE292DF5D0E099F

0ABF3FA976372CBC8BF33162795E42A8

1f1e9958440d773c34415d9eb6334b25

0B3B1E2E22C548D8F53C2AA338ABD66E

0AA7B256D2DCC8BD3914F895B134B225

B455426811B82CB412952F63D911D2A8

E431634699D7E5025ECDF7B51A800620

FF8E19CA8A224CC843BF0F2F74A3274E

7C5272F3F24ACB225270DDED72CFC1D4

8AEAA0C81A36449EC9613CA846E196F2

FC17F3B2E2C7F5F24D35899D95B8C4A6

926235FCF7B91442A405B5760A0729EB

963BFAE19B3DA5BECE081DFF1D1E3EF9

EBC9BDF9FDF0A9773899D96D24AC46F4

4A06D9989A8C3A9967C2011E5BAF3010

4DC0BCDCFB3F3D794175B21872A76079

998F30457BC48A1A6567203E0EC3282E

91FC9D1B635FDEE4E56AEC32688A0E6C

940B3ACDF1E26FCCCF74A5A0359FB079

cebc8b51d51e442e2af8c86e70c8adf4

31F96ADD841594D35E6E97376114E756

6E416C45A833F959A63785892042595A

0DC102CFB87C937EEFFE01A06F94E229

B7DF947B4A67A884C751840F83C4405E

2EB1503751A7C74890096B1837C7BD81

C21D7165B25CAF65D7F92FF758C1B5B1

0A67F9CC30083AFB7E1F8295AE152BB6

15FC009D9CAAA8F11D6C3DA2B69EA06E

D9D1B0C467FA4999DEF6CD53447F1221

E9823B61E6CE999387DE821DFBF6E741

2AAD951DBECB6D4715B306B337CA5C34

ED53831468DDF4220E1DC3C3398F7F39

66DDF27517985A75B2317231B46A6F62

86BE5F0D2303FB4A8A8E297A53AC0026

A1187DE4C4B88E560D46940B820A6228

D14E0A3D408065B1551F2827B50B83CA

B6C8A6D6C35428779C5C65C1B273EBA0

841565C67006E6A0A450C48054CF348C

C8202523F35295E8BC8CC1731EDB0559

C03B5985F2504939DA9874246A439E25

216689B2CA82F16A0CAB3A2712C27DA6

5B740B4623B2D1049C0036A6AAE684B0

9C39D6F52E1E1BE5AE61BAB90971D054

E7E05001A294EBFE8A012DD3BCE78E96

F68F85B0FBCA450F0D5C8828063AD30D

3DA8C22F5340850EE5A2C25B1D17FC27

9D144A828F757A90B86976EF0C906B3F

DBE2AC744A3947B6306E13EBCCB718BF

861C90536B3B5A4A8309ADBBFD5C4713

947557A55267DFFB3F85E0D7496A3679

2BFE41D7FDB6F4C1E38DB4A5C3EB1211

2BCDC5091C446E8B6888D802A3589E09

72FD6074915F8F123EB44B3DD475D36B

41454B390B73A45004B916B96C693312

Dancho Danchev

Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com

Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

Thursday, June 13, 2024

Exposing the MOLERaTS Cyber Threat Actor - An Analysis

No comments:

Post a Comment