Skip to content

Hide Navigation Hide TOC

SharpDisco - S1089 (1fefb062-feda-484a-8f10-0cebf65e20e3)

SharpDisco is a dropper developed in C# that has been used by MoustachedBouncer since at least 2020 to load malicious plugins.(Citation: MoustachedBouncer ESET August 2023)

Cluster A Galaxy A Cluster B Galaxy B Level
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern SharpDisco - S1089 (1fefb062-feda-484a-8f10-0cebf65e20e3) Malware 1
SharpDisco - S1089 (1fefb062-feda-484a-8f10-0cebf65e20e3) Malware Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 1
SharpDisco - S1089 (1fefb062-feda-484a-8f10-0cebf65e20e3) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 1
SharpDisco - S1089 (1fefb062-feda-484a-8f10-0cebf65e20e3) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 1
SharpDisco - S1089 (1fefb062-feda-484a-8f10-0cebf65e20e3) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 1
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern SharpDisco - S1089 (1fefb062-feda-484a-8f10-0cebf65e20e3) Malware 1
SharpDisco - S1089 (1fefb062-feda-484a-8f10-0cebf65e20e3) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 1
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern SharpDisco - S1089 (1fefb062-feda-484a-8f10-0cebf65e20e3) Malware 1
SharpDisco - S1089 (1fefb062-feda-484a-8f10-0cebf65e20e3) Malware File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern 1
SharpDisco - S1089 (1fefb062-feda-484a-8f10-0cebf65e20e3) Malware Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 1
SharpDisco - S1089 (1fefb062-feda-484a-8f10-0cebf65e20e3) Malware Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) Attack Pattern 1
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 2
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 2
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 2