Introduction
Molatori is a threat actor group identified by Malwarebytes researchers, known for using malicious ScreenConnect clients hosted on domains such as atmolatori.icu and gomolatori.cyou. The group relies on phishing, masquerading as communications from the Social Security Administration to lure targets into installing the client. Once installed, the ScreenConnect client gives the actors remote access to the victim's computer, enabling the exfiltration of sensitive information such as banking details and personal identification numbers. The primary objective of the Molatori group is financial fraud, using the stolen data for identity theft and other malicious activities.
Activities and Tactics
Information pending cataloguing.
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
- RemoteCMD
- ClientMesh
- Remote Utilities
- RemotePC
- Archelaus Beta
- Client Maximus
Attribution and Evidence
Information pending cataloguing.
References
References pending cataloguing.