
S0553 MoleNet

MoleNet is a downloader tool with backdoor capabilities that has been observed in use since at least 2019.[1]

| Item | Value |
|---|---|
| ID | S0553 |
| Associated Names | |
| Version | 1.0 |
| Created | 28 December 2020 |
| Last Modified | 27 April 2021 |
| Navigation Layer | View In ATT&CK® Navigator |

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| enterprise | T1547 | Boot or Logon Autostart Execution | - |
| enterprise | T1547.001 | Registry Run Keys / Startup Folder | MoleNet can achieve persistence on the infected machine by setting the Registry run key.[1] |
| enterprise | T1059 | Command and Scripting Interpreter | - |
| enterprise | T1059.001 | PowerShell | MoleNet can use PowerShell to set persistence.[1] |
| enterprise | T1059.003 | Windows Command Shell | MoleNet can execute commands via the command line utility.[1] |
| enterprise | T1105 | Ingress Tool Transfer | MoleNet can download additional payloads from the C2.[1] |
| enterprise | T1518 | Software Discovery | - |
| enterprise | T1518.001 | Security Software Discovery | MoleNet can use WMI commands to check the system for firewall and antivirus software.[1] |
| enterprise | T1082 | System Information Discovery | MoleNet can collect information about the system.[1] |
| enterprise | T1047 | Windows Management Instrumentation | MoleNet can perform WMI commands on the system.[1] |

Groups That Use This Software

| ID | Name | References |
|---|---|---|
| G0021 | Molerats | [1] |