NEW: Group Profiler — instant APT intel lookup. Try it →

← threatfilter.dev / all groups / MoustachedBouncer

MoustachedBouncer

G1019 Espionage MITRE ATT&CK →

Overview

MoustachedBouncer is a cyberespionage group that has been active since at least 2014 targeting foreign embassies in Belarus.

Targets

Government

Regions

Eastern Europe · Europe · Northeast Africa · South Asia

Capabilities

Custom malware/implant development — ATT&CK: 3 attributed custom malware families

TTPs — 8 techniques across 6 tactics

Initial Access

T1659 Content Injection

Execution

T1059.001 PowerShell
T1059.007 JavaScript

Privilege Escalation

T1068 Exploitation for Privilege Escalation

Stealth

T1027.002 Software Packing

Collection

T1074.002 Remote Data Staging
T1113 Screen Capture

Command and Control

T1090 Proxy

Tools & malware (3)

NightClub · Disco · SharpDisco

Reporting (1)

MoustachedBouncer: Espionage against foreign diplomats in Belarus — Faou, M