OSINT Threat Report: Pony Takes the Lead - Week of July 1

Welcome to our OSINT Threat Report, a weekly digest of trending threats reported by TruSTAR platform users. Related posts here. 

Pony/Fareit Emerges

This week Pony is the most reported malware on the TruSTAR platform. Pony, also called Fareit, is a well-known piece of commodity malware used for credential theft. One thing to watch for is a shift in APT TTPs, particularly with Iran, toward more commodity malware, because it makes attribution much more challenging. This article from last week by Ars Technica shows that Pony is a major player in some of the most prevalent forms of malware in recent memory.

Trickbot Gaining Steam

Last week we noted a large uptick in Trickbot due to new capabilities that would be more fully discovered in the coming weeks. This has indeed proven to be the case. Not only can it continually update its configs and capabilities via C&C, but it also hides its core functionality inside the code base of a shooting game. The game never actually executes; it is there only to make analysis of the malware more difficult for researchers. SonicWall Capture Labs also found that it "...will disable RealtimeMonitoring, stop the service 'WinDefend', and try to delete the service after it’s terminated."
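As an added example (not from TruSTAR or SonicWall), here is a small detection for the Defender tampering sequence in the quote above, run over constructed process-creation records. The page does not say how the malware issues these actions, so the command-line patterns, the five-minute window and the host names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Assumed command-line forms for the three actions named in the SonicWall quote.
STEPS = {
    "disable_rtm": re.compile(r'DisableRealtimeMonitoring\s+(\$true|1)\b', re.I),
    "stop_windefend": re.compile(r'\b(sc(\.exe)?|net1?(\.exe)?)\s+stop\s+"?WinDefend\b', re.I),
    "delete_windefend": re.compile(r'\bsc(\.exe)?\s+delete\s+"?WinDefend\b', re.I),
}
WINDOW = timedelta(minutes=5)  # assumed correlation window

SAMPLE = [  # constructed records: (host, ISO timestamp, command line)
    ("ws-01", "2019-07-01T10:00:00", "powershell.exe Set-MpPreference -DisableRealtimeMonitoring $true"),
    ("ws-01", "2019-07-01T10:00:20", "cmd.exe /c sc stop WinDefend"),
    ("ws-01", "2019-07-01T10:00:25", "cmd.exe /c sc delete WinDefend"),
    ("ws-02", "2019-07-01T11:00:00", "sc.exe query WinDefend"),  # benign status check
    ("ws-03", "2019-07-01T09:00:00", "sc stop WinDefend"),
    ("ws-03", "2019-07-01T12:00:00", "powershell Set-MpPreference -DisableRealtimeMonitoring 1"),
]

def classify(cmdline):
    """Return the tampering step a command line matches, or None."""
    for name, rx in STEPS.items():
        if rx.search(cmdline):
            return name
    return None

def find_tampering(events, min_steps=2):
    """Return {host: sorted steps} for hosts with >= min_steps distinct steps inside WINDOW."""
    hits = {}
    for host, ts, cmd in events:
        step = classify(cmd)
        if step:
            hits.setdefault(host, []).append((datetime.fromisoformat(ts), step))
    alerts = {}
    for host, seen in hits.items():
        seen.sort()
        # Slide a window from each matching event and keep the richest cluster.
        for i, (start, _) in enumerate(seen):
            steps = {s for t, s in seen[i:] if t - start <= WINDOW}
            if len(steps) >= min_steps and len(steps) > len(alerts.get(host, ())):
                alerts[host] = sorted(steps)
    return alerts

if __name__ == "__main__":
    for host, steps in find_tampering(SAMPLE).items():
        print(host, "Defender tampering:", ", ".join(steps))
```

Requiring two distinct steps on one host inside the window keeps a lone service stop, such as the one on ws-03, from alerting on its own.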

An Uptick in NJRAT

NJRAT is in this week's top three most-reported forms of malware due to its popularity as one of the few free and flexible RATs on the market. Though most popular with smaller cybercriminals, it is also often used by APT actors and is often seen targeting political groups and entities in the Middle East.

Click here to see how hackers are using YouTube Bitcoin scams to infect users with NJRAT.

 
