MoustachedBouncer: Belarus-Linked threat group exploit ISPs for AiTM attacks
Tags
cmtmf-attack-pattern: Application Layer Protocol; Data Manipulation; Scheduled Task/Job
country: Belarus; Belgium
attack-pattern: Data Direct; Adversary-In-The-Middle - T1638; Adversary-In-The-Middle - T1557; Application Layer Protocol - T1437; Audio Capture - T1429; Create Or Modify System Process - T1543; Data From Local System - T1533; Data Manipulation - T1641; Data Manipulation - T1565; Dns - T1071.004; Dns - T1590.002; Drive-By Compromise - T1456; Encrypted Channel - T1521; Encrypted Channel - T1573; Exfiltration Over C2 Channel - T1646; Exploitation For Privilege Escalation - T1404; File Transfer Protocols - T1071.002; Gather Victim Network Information - T1590; Input Capture - T1417; Ip Addresses - T1590.005; Keylogging - T1056.001; Keylogging - T1417.001; Mail Protocols - T1071.003; Malicious File - T1204.002; Malware - T1587.001; Malware - T1588.001; Non-Standard Encoding - T1132.002; Powershell - T1059.001; Scheduled Task - T1053.005; Scheduled Task/Job - T1603; Screen Capture - T1513; Server - T1583.004; Server - T1584.004; Standard Encoding - T1132.001; Symmetric Cryptography - T1521.001; Symmetric Cryptography - T1573.001; Transmitted Data Manipulation - T1493; Windows Service - T1543.003; Transmitted Data Manipulation - T1565.002; Transmitted Data Manipulation - T1641.001; Standard Application Layer Protocol - T1071; Audio Capture - T1123; Connection Proxy - T1090; Data Encoding - T1132; Data From Local System - T1005; Data From Removable Media - T1025; Deobfuscate/Decode Files Or Information - T1140; Drive-By Compromise - T1189; Exfiltration Over Command And Control Channel - T1041; Exploitation For Privilege Escalation - T1068; Input Capture - T1056; Powershell - T1086; Scheduled Task - T1053; Screen Capture - T1113; User Execution - T1204; Drive-By Compromise; Screen Capture; User Execution
Common Information
Type Value
UUID c9158f00-9dcd-4df2-8ab6-0eb37c0dca38
Fingerprint b945a9588bacfeb2
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 13, 2023, midnight
Added to db Aug. 15, 2023, 2:13 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline MoustachedBouncer: Belarus-Linked threat group exploit ISPs for AiTM attacks
Title MoustachedBouncer: Belarus-Linked threat group exploit ISPs for AiTM attacks
Detected Hints/Tags/Attributes 100/3/69
RSS Feed
Id: 13; Feed title: Andrea Fortuna; Url: https://andreafortuna.org/feed.xml; Added to db: 2024-08-30 22:08
Attributes
Type      #Events  Value
CVE       45       cve-2021-1732
Domain    246      mail.ru
Domain    27       seznam.cz
Domain    1        windows.network.troubleshooter.com
Domain    5        updates.microsoft.com
Email     1        fhtgbbwi@mail.ru
Email     1        nvjfnvjfnjf@mail.ru
Email     1        glen.morriss75@seznam.cz
Email     1        sunyaf@seznam.cz
MITRE ATT&CK Technique  14   T1590.005
MITRE ATT&CK Technique  183  T1189
MITRE ATT&CK Technique  365  T1204.002
MITRE ATT&CK Technique  275  T1053.005
MITRE ATT&CK Technique  180  T1543.003
MITRE ATT&CK Technique  208  T1068
MITRE ATT&CK Technique  504  T1140
MITRE ATT&CK Technique  534  T1005
MITRE ATT&CK Technique  34   T1025
MITRE ATT&CK Technique  118  T1056.001
MITRE ATT&CK Technique  219  T1113
MITRE ATT&CK Technique  23   T1123
MITRE ATT&CK Technique  31   T1071.002
MITRE ATT&CK Technique  14   T1071.003
MITRE ATT&CK Technique  52   T1071.004
MITRE ATT&CK Technique  99   T1132.001
MITRE ATT&CK Technique  40   T1132.002
MITRE ATT&CK Technique  130  T1573.001
MITRE ATT&CK Technique  21   T1557
MITRE ATT&CK Technique  422  T1041
MITRE ATT&CK Technique  7    T1565.002