From c1d3164ef618f36ded299c0dd76e7d0fb09ab42d Mon Sep 17 00:00:00 2001
From: Daniel Plohmann
Date: Thu, 10 Aug 2023 15:49:11 +0200
Subject: [PATCH] adding MoustachedBouncer
---
 clusters/threat-actor.json | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 4c6449e..f388610 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -11462,7 +11462,30 @@
 },
 "uuid": "77742419-aa71-4bc2-94c6-29c394b350e7",
 "value": "Worok"
+ },
+{
+ "description": "MoustachedBouncer is a cyberespionage group discovered by ESET Research and first publicly disclosed in August 2023. The group has been active since at least 2014 and only targets foreign embassies in Belarus. Since 2020, MoustachedBouncer has most likely been able to perform adversary-in-the-middle (AitM) attacks at the ISP level, within Belarus, in order to compromise its targets. The group uses two separate toolsets that we have named NightClub and Disco.",
+ "meta": {
+ "attribution-confidence": "50",
+ "cfr-suspected-state-sponsor": "Belarus",
+ "cfr-suspected-victims": [
+ "Europe",
+ "Eastern Europe",
+ "South Asia",
+ "Northeast Africa"
+ ],
+ "cfr-target-category": [
+ "Government"
+ ],
+ "cfr-type-of-incident": "Espionage",
+ "country": "BY",
+ "refs": [
+ "https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/"
+ ]
+ },
+ "uuid": "01ac8b25-492e-444b-891b-968f2694e7b2",
+ "value": "MoustachedBouncer"
 }
 ],
- "version": 276
+ "version": 277
 }
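Review bot: The added `description` keeps the vendor's first-person voice ("two separate toolsets that we have named NightClub and Disco"), so in a shared cluster file the "we" no longer identifies who coined the names; the last sentence would read better as `The group uses two separate toolsets that ESET has named NightClub and Disco.`. In the same entry, `cfr-suspected-victims` lists four regions while the description says the group "only targets foreign embassies in Belarus"; presumably the regions are where the targeted embassies come from, but an analyst filtering on victim geography could read them as where intrusions occurred, so the description should say which it is. The new object also appears to open at column 0 (`+{`) unlike the neighbouring entries, which is worth normalising with the repository's JSON formatter before merge.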