{
	"id": "f6eec90f-b60b-4049-a610-9914a8815c80",
	"created_at": "2026-04-06T00:14:13.429106Z",
	"updated_at": "2026-04-10T13:11:19.902255Z",
	"deleted_at": null,
	"sha1_hash": "991cfde780e357afe7ce9778c874e76d31a69797",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 49492,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 16:28:09 UTC\nHome \u003e List all groups \u003e MoustachedBouncer\n APT group: MoustachedBouncer\nNames MoustachedBouncer (ESET)\nCountry Belarus\nMotivation Information theft and espionage\nFirst seen 2014\nDescription\n(ESET) MoustachedBouncer is a cyberespionage group discovered by ESET Research and\nfirst publicly disclosed in this blogpost. The group has been active since at least 2014 and only\ntargets foreign embassies in Belarus. Since 2020, MoustachedBouncer has most likely been\nable to perform adversary-in-the-middle (AitM) attacks at the ISP level, within Belarus, in\norder to compromise its targets. The group uses two separate toolsets that we have named\nNightClub and Disco.\nWhile we track MoustachedBouncer as a separate group, we have found elements that make us\nassess with low confidence that they are closely collaborating with another group known as\nWinter Vivern.\nObserved\nSectors: Foreign embassies in Belarus.\nCountries: Belarus.\nTools used\nInformation\nLast change to this card: 06 September 2023\nDownload this actor card in PDF or JSON format\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=e6ac692d-4adb-403d-83c6-f0d8845a4866\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=e6ac692d-4adb-403d-83c6-f0d8845a4866\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=e6ac692d-4adb-403d-83c6-f0d8845a4866"
	],
	"report_names": [
		"showcard.cgi?u=e6ac692d-4adb-403d-83c6-f0d8845a4866"
	],
	"threat_actors": [
		{
			"id": "23226bab-4c84-4c65-a8d1-7ac10c44b172",
			"created_at": "2023-04-27T02:04:45.463683Z",
			"updated_at": "2026-04-10T02:00:04.980143Z",
			"deleted_at": null,
			"main_name": "Winter Vivern",
			"aliases": [
				"TA473",
				"TAG-70",
				"UAC-0114",
				"UNC4907"
			],
			"source_name": "ETDA:Winter Vivern",
			"tools": [
				"APERETIF"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "821cb2ce-472c-438f-943d-19cf23204d9a",
			"created_at": "2023-11-01T02:01:06.683709Z",
			"updated_at": "2026-04-10T02:00:05.39433Z",
			"deleted_at": null,
			"main_name": "MoustachedBouncer",
			"aliases": [
				"MoustachedBouncer"
			],
			"source_name": "MITRE:MoustachedBouncer",
			"tools": [
				"SharpDisco"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "7d9d90f3-001e-4adc-8a77-8f93b5d02b01",
			"created_at": "2023-09-07T02:02:47.575324Z",
			"updated_at": "2026-04-10T02:00:04.770856Z",
			"deleted_at": null,
			"main_name": "MoustachedBouncer",
			"aliases": [],
			"source_name": "ETDA:MoustachedBouncer",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "e6704f3c-15d7-4e1d-b5a8-e33e7e9bd925",
			"created_at": "2023-11-04T02:00:07.660461Z",
			"updated_at": "2026-04-10T02:00:03.385093Z",
			"deleted_at": null,
			"main_name": "Winter Vivern",
			"aliases": [
				"TA-473",
				"UAC-0114",
				"TA473",
				"TAG-70"
			],
			"source_name": "MISPGALAXY:Winter Vivern",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "0e74afe0-92c3-4fca-93a4-d8e51180e105",
			"created_at": "2023-08-11T02:00:11.229735Z",
			"updated_at": "2026-04-10T02:00:03.37095Z",
			"deleted_at": null,
			"main_name": "MoustachedBouncer",
			"aliases": [],
			"source_name": "MISPGALAXY:MoustachedBouncer",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "a20598c1-894c-4173-be6e-64a1ce9732bd",
			"created_at": "2024-11-01T02:00:52.652891Z",
			"updated_at": "2026-04-10T02:00:05.375678Z",
			"deleted_at": null,
			"main_name": "Winter Vivern",
			"aliases": [
				"Winter Vivern",
				"TA473",
				"UAC-0114"
			],
			"source_name": "MITRE:Winter Vivern",
			"tools": null,
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775434453,
	"ts_updated_at": 1775826679,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/991cfde780e357afe7ce9778c874e76d31a69797.pdf",
		"text": "https://archive.orkl.eu/991cfde780e357afe7ce9778c874e76d31a69797.txt",
		"img": "https://archive.orkl.eu/991cfde780e357afe7ce9778c874e76d31a69797.jpg"
	}
}