{
  "name": "Fresh mischief and digital shenanigans",
  "slug": "fresh-mischief-and-digital-shenanigans",
  "description": "FrostyNeighbor, a cyberespionage group allegedly operating from Belarus and active since at least 2016, continues to target governmental, military, and key sectors in Eastern Europe, particularly Ukraine, Poland, and Lithuania. Recent activity detected since March 2026 shows the group targeting Ukrainian governmental organizations using evolved compromise chains. The attacks use spearphishing with malicious PDF lures that impersonate legitimate entities and deliver JavaScript variants of the PicassoLoader downloader. The group employs server-side victim validation based on geolocation and fingerprinting before manually delivering Cobalt Strike beacons. FrostyNeighbor demonstrates high operational maturity through diverse delivery mechanisms, exploitation of legitimate services, and regular toolset updates to evade detection, while maintaining its focus on credential harvesting and on establishing persistent access to compromised systems. Note for consumers of this record: several hostnames in related_entities (exavegas.icu, hinesafar.sardk.icu, mickeymousegamesdealer.al) appear to be truncated fragments of longer hostnames listed alongside them (mickeymousegamesdealer.alexavegas.icu, shinesafar.sardk.icu); verify indicators against the referenced report before using them for blocking or detection.",
  "published": "2026-05-21T03:47:08.397000+00:00",
  "created_at": "2026-05-21T17:11:51.035000+00:00",
  "modified_at": "2026-05-21T15:12:07+00:00",
  "created_at_opencti": "2026-05-21T17:11:51.035000+00:00",
  "author": "AlienVault",
  "confidence": 100,
  "report_types": [
    "threat-report"
  ],
  "labels": [
    "belarus",
    "cobalt strike",
    "cve-2023-38831",
    "cve-2024-42009",
    "cyberespionage",
    "eastern europe",
    "governmental targeting",
    "picassoloader",
    "spearphishing",
    "ukraine"
  ],
  "tags": [
    "2026-05-21",
    "CVE-2023-38831",
    "CVE-2024-42009",
    "belarus",
    "cobalt strike",
    "cyberespionage",
    "eastern europe",
    "governmental targeting",
    "picassoloader",
    "spearphishing",
    "ukraine"
  ],
  "related_entities": {
    "indicators": [
      {
        "id": "3dffbbbb-7895-410a-add3-2507072d3da4",
        "name": "exavegas.icu"
      },
      {
        "id": "11ec99a0-11a3-49ea-b575-a7ce5c1fc3ac",
        "name": "904685ae9056856132b8a2837b41676fe67038558ce62b61008d31fbbf384feb"
      },
      {
        "id": "ab6d7b21-8788-461b-943d-b1fbd86db128",
        "name": "hinesafar.sardk.icu"
      },
      {
        "id": "ac882002-e4f8-4468-a6f1-707269af5631",
        "name": "static.needbinding.icu"
      },
      {
        "id": "33438e65-dc2e-406e-8eac-e3a06a1682cf",
        "name": "view.algsat.icu"
      },
      {
        "id": "175fa80e-4e38-41b1-a903-777cbc8d11a9",
        "name": "mickeymousegamesdealer.alexavegas.icu"
      },
      {
        "id": "7a1900ea-6a6f-4e13-be5f-a1ae38f9d707",
        "name": "easiestnewsfromourpointofview.algsat.icu"
      },
      {
        "id": "88c0c91a-5e28-4372-a8c8-7ec513c77e8b",
        "name": "best-seller.lavanille.buzz"
      },
      {
        "id": "7e8d2d94-3753-4d41-9c9b-d5c4c86a58ce",
        "name": "https://book-happy.needbinding.icu/wp-content/uploads/2023/10/1GreenAM.jpg"
      },
      {
        "id": "888a0690-b055-4ec1-b5d5-a04aaed66881",
        "name": "https://nama-belakang.nebao.icu/statistics/discover.txt"
      },
      {
        "id": "44b6b863-0620-496e-9a69-1c5a27954ad1",
        "name": "shinesafar.sardk.icu"
      },
      {
        "id": "050c7f35-51a7-4283-a12e-16129fad3b96",
        "name": "a1dab59c6952e58588bc3b237323b6c3009c96f94aef069025cfbdfe0bb2a191"
      },
      {
        "id": "8b0ddc33-9745-4d93-8c87-6b05f90d6d41",
        "name": "1db961084b72a94fda47caa7455e41a1ad3f0ea3088cd4874e3721840e4b84d9"
      },
      {
        "id": "b58f9eda-a32b-4c21-a390-bf5ac05854c3",
        "name": "mickeymousegamesdealer.al"
      },
      {
        "id": "46fc530b-6dfe-4fbd-895b-e12b1375c9bf",
        "name": "7b859ed1d379b5ecc4118df9f3de628e036c154dd69748b1505c38eaf2cf8e47"
      },
      {
        "id": "5472d4ce-38c0-4219-8871-2ddd57768d70",
        "name": "cf635a7a9753058eb92f839686149a1d8792d2f107e78c3175a157e7f4042385"
      },
      {
        "id": "2992ea5c-e186-421e-822d-3bf2fb048fbe",
        "name": "6861ccc49586bc4e41b0947ac23a47409a29569540abb4bbf35e1db23665e498"
      },
      {
        "id": "2db1f405-9fea-4683-b2d1-6ac9d279bceb",
        "name": "https://book-happy.needbinding.icu/employment/documents-and-resources"
      },
      {
        "id": "ec352f88-553d-4e36-871c-a636145fdbde",
        "name": "attachment-storage-asset-static.needbinding.icu"
      },
      {
        "id": "a441d6a8-3dd4-4d73-92d3-dc23bd2431dc",
        "name": "nama-belakang.nebao.icu"
      },
      {
        "id": "194b32d7-1ea8-436a-a465-b3c80871f656",
        "name": "book-happy.needbinding.icu"
      }
    ],
    "intrusion_sets": [
      {
        "id": "f66d4ff5-ef2a-4c5d-b183-8ed3b993814e",
        "name": "FrostyNeighbor",
        "slug": "frostyneighbor"
      }
    ],
    "attack_patterns": [
      {
        "id": "c473a756-355a-42ad-a0df-cd3a8fa006d1",
        "name": "T1057"
      },
      {
        "id": "6ccd4566-e15e-40cf-b7df-4a3f737ce5cd",
        "name": "T1036.005"
      },
      {
        "id": "6a146066-5a78-493c-a26a-133b62c1149e",
        "name": "T1588.002"
      },
      {
        "id": "f90b00e3-95b7-432f-b163-6a9a2102e598",
        "name": "T1060"
      },
      {
        "id": "c9ee9b30-ba84-4c24-95e9-e8242d42af3f",
        "name": "T1071.001"
      },
      {
        "id": "196f2a64-c55b-47a6-8e38-beb76ba700b6",
        "name": "T1204.002"
      },
      {
        "id": "40f0d8e3-bcd7-4b97-a958-f55815698fc5",
        "name": "T1053.005"
      },
      {
        "id": "dc410646-9cdd-427b-92e7-179a54f78f90",
        "name": "T1566.001"
      },
      {
        "id": "1e043fe4-2413-4b8e-887c-0fe45d095a24",
        "name": "T1583"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      },
      {
        "id": "9c5a20d1-0df9-4e99-bcc5-0b731a78b5d1",
        "name": "T1608"
      },
      {
        "id": "70616b2f-4019-4963-b758-5d9f6f20e201",
        "name": "T1082"
      },
      {
        "id": "fa3b8b48-d97c-4242-83a6-07d435a5a79e",
        "name": "T1041"
      }
    ],
    "malware": [
      {
        "id": "e98decc4-ac5d-4ed7-a1c2-da99246d2c7c",
        "name": "PicassoLoader",
        "slug": "picassoloader"
      },
      {
        "id": "ab138766-9b64-4880-87fb-1942a709d778",
        "name": "Cobalt Strike - S0154",
        "slug": "cobalt-strike-s0154"
      }
    ],
    "observables": [
      {
        "id": "7ecf9c8e-c06e-434f-bbed-da3991a23a1a",
        "name": "exavegas.icu"
      },
      {
        "id": "668a51a6-8b1d-461e-a076-b64f37395131",
        "name": "mickeymousegamesdealer.al"
      },
      {
        "id": "7dbe664d-9e02-41c0-bc77-ecac9d9396dc",
        "name": "static.needbinding.icu"
      },
      {
        "id": "f24ea3b3-209c-4362-bf71-4909e0275e86",
        "name": "hinesafar.sardk.icu"
      },
      {
        "id": "d34a89c4-9179-45f9-bc4e-ad17e03da9a6",
        "name": "best-seller.lavanille.buzz"
      },
      {
        "id": "025d9ed4-ab8f-477f-b285-2af031176178",
        "name": "shinesafar.sardk.icu"
      },
      {
        "id": "4469b6d9-16dd-48e0-a2e5-597167d934f8",
        "name": "mickeymousegamesdealer.alexavegas.icu"
      },
      {
        "id": "1b2ac4f9-d1d7-4655-82ed-07b2755bbed4",
        "name": "easiestnewsfromourpointofview.algsat.icu"
      },
      {
        "id": "67a9602d-6d76-4fe9-8983-b0498f4280b6",
        "name": "nama-belakang.nebao.icu"
      },
      {
        "id": "18ea84e0-8257-4665-b359-1b6ebd080ee8",
        "name": "book-happy.needbinding.icu"
      },
      {
        "id": "6f45b962-5f0e-4a2c-a9e2-ce7a74bbb31e",
        "name": "view.algsat.icu"
      },
      {
        "id": "1ecfc7f3-4791-49d4-a063-ed5a8b1d8544",
        "name": "attachment-storage-asset-static.needbinding.icu"
      },
      {
        "id": "676201af-344a-45ff-831c-2466e6f719b7",
        "name": "https://book-happy.needbinding.icu/employment/documents-and-resources"
      },
      {
        "id": "eeda97fa-0243-4057-bacc-fcaa4cc7caff",
        "name": "https://book-happy.needbinding.icu/wp-content/uploads/2023/10/1GreenAM.jpg"
      },
      {
        "id": "b2792835-71e7-4945-933d-d13c9acb448c",
        "name": "https://nama-belakang.nebao.icu/statistics/discover.txt"
      },
      {
        "id": "",
        "name": "904685ae9056856132b8a2837b41676fe67038558ce62b61008d31fbbf384feb"
      },
      {
        "id": "",
        "name": "a1dab59c6952e58588bc3b237323b6c3009c96f94aef069025cfbdfe0bb2a191"
      },
      {
        "id": "",
        "name": "1db961084b72a94fda47caa7455e41a1ad3f0ea3088cd4874e3721840e4b84d9"
      },
      {
        "id": "",
        "name": "7b859ed1d379b5ecc4118df9f3de628e036c154dd69748b1505c38eaf2cf8e47"
      },
      {
        "id": "",
        "name": "cf635a7a9753058eb92f839686149a1d8792d2f107e78c3175a157e7f4042385"
      },
      {
        "id": "",
        "name": "6861ccc49586bc4e41b0947ac23a47409a29569540abb4bbf35e1db23665e498"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Poland"
      },
      {
        "id": "",
        "name": "Lithuania"
      },
      {
        "id": "",
        "name": "Ukraine"
      },
      {
        "id": "",
        "name": "Manufacturing"
      },
      {
        "id": "",
        "name": "Health"
      },
      {
        "id": "",
        "name": "Telecommunications"
      },
      {
        "id": "",
        "name": "Defense"
      },
      {
        "id": "",
        "name": "Government"
      },
      {
        "id": "",
        "name": "exavegas.icu"
      },
      {
        "id": "",
        "name": "hinesafar.sardk.icu"
      },
      {
        "id": "",
        "name": "static.needbinding.icu"
      },
      {
        "id": "",
        "name": "view.algsat.icu"
      },
      {
        "id": "",
        "name": "mickeymousegamesdealer.alexavegas.icu"
      },
      {
        "id": "",
        "name": "easiestnewsfromourpointofview.algsat.icu"
      },
      {
        "id": "",
        "name": "best-seller.lavanille.buzz"
      },
      {
        "id": "",
        "name": "shinesafar.sardk.icu"
      },
      {
        "id": "",
        "name": "mickeymousegamesdealer.al"
      },
      {
        "id": "",
        "name": "attachment-storage-asset-static.needbinding.icu"
      },
      {
        "id": "",
        "name": "nama-belakang.nebao.icu"
      },
      {
        "id": "",
        "name": "book-happy.needbinding.icu"
      }
    ]
  },
  "external_refs": [
    {
      "id": "868c6e43-67cd-465e-8a8e-4acf739885e8",
      "standard_id": "external-reference--018802bc-9638-5b4d-b872-5c7100d5e73d",
      "entity_type": "External-Reference",
      "source_name": "AlienVault",
      "description": null,
      "url": "https://otx.alienvault.com/pulse/6a0e803c81c123ee6cf7066a",
      "hash": null,
      "external_id": "6a0e803c81c123ee6cf7066a",
      "created": "2026-05-21T17:11:48.426Z",
      "modified": "2026-05-21T17:11:48.426Z",
      "createdById": null
    },
    {
      "id": "74ce9d39-f200-4be6-bf11-0f19fa89fb67",
      "standard_id": "external-reference--d22c442a-7c43-5893-8042-033784e7de87",
      "entity_type": "External-Reference",
      "source_name": "AlienVault",
      "description": null,
      "url": "https://www.welivesecurity.com/en/eset-research/frostyneighbor-fresh-mischief-digital-shenanigans/",
      "hash": null,
      "external_id": null,
      "created": "2026-05-21T17:11:48.465Z",
      "modified": "2026-05-21T17:11:48.465Z",
      "createdById": null
    }
  ]
}