true
Blog OSINT Threat Report: Pony and NJRAT Stay Prevalent - Week of July 29

OSINT Threat Report: Pony and NJRAT Stay Prevalent - Week of July 29

Welcome to our OSINT Threat Report, a weekly digest of trending threats reported by TruSTAR platform users. Related posts here.

Pony Continues to Evolve

There is something bubbling up with Pony and we're not exactly sure what that is. This week Pony/Fareit as the most reported malware on the TruSTAR platform and from dark web forums we are seeing "Pony Botnet with bulletproof hosting" listed and on a Chinese hack forum (if the Google translations are even halfway reasonable) and suggestions that there is a new version or variant of Pony Loader. These are in no way conclusive given only two data points, but we will be keeping an eye on this one and suggest that you do the same. 

Can't Exterminate NJRAT

Next, we have NJRAT percolating back into the #2 spot followed by Quasar this week. Based on external intelligence and digging into the intel behind the most recent indicators for these two threats it appears that most of this activity is tied to Iranian operations. From Recorded Future, "Our research found that APT33, or a closely aligned threat actor, continues to conduct and prepare for widespread cyber espionage activity, with over 1,200 domains used since March 28, 2019, and with a strong emphasis on using commodity malware."

˜View this OSINT Threat Report on TruSTAR to correlate IOCs with your own data:

View Report on TruSTAR

 

Not on TruSTAR yet? Request a demo, and in the meantime download IOCs via .txt file: 

Download .txt File

  

OSINT Threat Report: Top Three Malware NJRat, Pony, Gandcrab - Week of July 31 Welcome to our OSINT Threat Report, a weekly digest of trending threats reported by TruSTAR platform users. Related posts here. Read More
OSINT Threat Report: Pony, njRAT, Trickbot Still Rampant, DHS Issues Statement About Increased Cyber Attacks - Week of July 15 Welcome to our OSINT Threat Report, a weekly digest of trending threats reported by TruSTAR platform users. Related posts here.  Read More
OSINT Threat Report: Trickbot Continues to Deceive - Week of July 8 Welcome to our OSINT Threat Report, a weekly digest of trending threats reported by TruSTAR platform users. Related posts here.  Read More