Description
[MoustachedBouncer](https://attack.mitre.org/groups/G1019) is a cyberespionage group that has been active since at least 2014, targeting foreign embassies in Belarus. (Citation: MoustachedBouncer ESET August 2023)
Techniques Used (TTPs)
- T1059.001 — PowerShell (execution)
- T1059.007 — JavaScript (execution)
- T1027.002 — Software Packing (defense-evasion)
- T1113 — Screen Capture (collection)
- T1090 — Proxy (command-and-control)
- T1068 — Exploitation for Privilege Escalation (privilege-escalation)
- T1074.002 — Remote Data Staging (collection)
- T1659 — Content Injection (initial-access, command-and-control)
Total TTPs: 8
Malware & Tools
Malware: Disco, NightClub, SharpDisco