
Molerats Ransomware Campaign


Ransomware campaign by Molerats.

Campaign Summary

The Molerats ransomware team has maintained a persistent operational presence across several campaigns. The group targets enterprise and government organizations, typically using phishing to gain initial access before deploying ransomware payloads.

Objectives

  • To establish long-term persistence through legitimate business applications (ERP systems).
  • To deliver a ransomware payload with exfiltration capabilities.
  • To deploy additional malware, such as command-and-control or data exfiltration tools, once the target is compromised.

Tactics

The Molerats campaign typically follows these steps:

  1. Persistent Access: Using legitimate business applications (ERP systems) for initial access and persistence, often targeting enterprise environments with high security requirements.
  2. Ransomware Deployment: Deploying a ransomware payload to encrypt sensitive files. Payloads include RCE tools such as CPE/BREED/PhishRAT or exfiltration tools such as RFRS/FIRE.
  3. Data Exfiltration (if compromised): Additional malware deployed for data exfiltration once the target is already compromised.

Indicators of Compromise (IOCs)

No public indicators of compromise are available for this group.

Type         | Value/Context
Domain Name  | molerats.com (not available in public databases)

Impact

Ransomware campaigns have caused significant business disruption, including ransom payments, operational downtime, and reputational damage.


Jordi Serrano — Senior Cyber Threat Intelligence
