Disco is a custom implant that has been used by MoustachedBouncer since at least 2020, including in campaigns using targeted malicious content injection for initial access and command and control.[1]

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1659 | Content Injection | Disco has achieved initial access and execution through content injection into DNS, HTTP, and SMB replies to targeted hosts that redirect them to download malicious files.[1] |
| Enterprise | T1071.002 | Application Layer Protocol: File Transfer Protocols | |
| Enterprise | T1204.002 | User Execution: Malicious File | Disco has been executed through inducing user interaction with malicious .zip and .msi files.[1] |
| Enterprise | T1105 | Ingress Tool Transfer | |
| Enterprise | T1053.005 | Scheduled Task/Job: Scheduled Task | Disco can create a scheduled task to run every minute for persistence.[1] |

| ID | Name | References |
|---|---|---|
| G1019 | MoustachedBouncer | |