Hide Navigation Hide TOC

Disco - S1088 (e1445afd-c359-45ed-8f27-626dc4d5e157)

Disco is a custom implant that has been used by MoustachedBouncer since at least 2020 including in campaigns using targeted malicious content injection for initial access and command and control.(Citation: MoustachedBouncer ESET August 2023)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	Disco - S1088 (e1445afd-c359-45ed-8f27-626dc4d5e157)	Malware	1
Disco - S1088 (e1445afd-c359-45ed-8f27-626dc4d5e157)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	1
Content Injection - T1659 (43c9bc06-715b-42db-972f-52d25c09a20c)	Attack Pattern	Disco - S1088 (e1445afd-c359-45ed-8f27-626dc4d5e157)	Malware	1
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	Disco - S1088 (e1445afd-c359-45ed-8f27-626dc4d5e157)	Malware	1
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Disco - S1088 (e1445afd-c359-45ed-8f27-626dc4d5e157)	Malware	1
Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e)	Attack Pattern	User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	2
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	2
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9)	Attack Pattern	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	2