Merge pull request #857 from danielplohmann/main-2

adding MoustachedBouncer
Alexandre Dulaunoy 2023-08-10 16:12:31 +02:00 committed by GitHub
commit 7462830337
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 24 additions and 1 deletions


@ -11462,7 +11462,30 @@
}, },
"uuid": "77742419-aa71-4bc2-94c6-29c394b350e7", "uuid": "77742419-aa71-4bc2-94c6-29c394b350e7",
"value": "Worok" "value": "Worok"
},
{
"description": "MoustachedBouncer is a cyberespionage group discovered by ESET Research and first publicly disclosed in August 2023. The group has been active since at least 2014 and only targets foreign embassies in Belarus. Since 2020, MoustachedBouncer has most likely been able to perform adversary-in-the-middle (AitM) attacks at the ISP level, within Belarus, in order to compromise its targets. The group uses two separate toolsets that we have named NightClub and Disco.",
"meta": {
"attribution-confidence": "50",
"cfr-suspected-state-sponsor": "Belarus",
"cfr-suspected-victims": [
"Europe",
"Eastern Europe",
"South Asia",
"Northeast Africa"
],
"cfr-target-category": [
"Government"
],
"cfr-type-of-incident": "Espionage",
"country": "BY",
"refs": [
"https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/"
]
},
"uuid": "01ac8b25-492e-444b-891b-968f2694e7b2",
"value": "MoustachedBouncer"
} }
], ],
"version": 276 "version": 277
} }
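Review bot: The added `description` keeps the vendor's first-person wording ("toolsets that we have named NightClub and Disco"), which in this cluster reads as though the galaxy maintainers named them; `The group uses two separate toolsets that ESET named NightClub and Disco.` keeps the attribution with the source. The `cfr-suspected-victims` values are regions (`Europe`, `Eastern Europe`, `South Asia`, `Northeast Africa`), while the description says the group only targets foreign embassies in Belarus, so they presumably name the embassies' home regions rather than where the activity takes place. An analyst who scopes detections or reporting by that field could misread it, so I would add a clause to the description such as `Targeted embassies belong to countries in Europe, South Asia and Northeast Africa.` if the referenced report supports it.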