Pony Continues to Evolve
There is something bubbling up with Pony and we're not exactly sure what that is. This week Pony/Fareit was the most reported malware on the TruSTAR platform; on dark web forums we are seeing "Pony Botnet with bulletproof hosting" listed, and a Chinese hacking forum (if the Google translations are even halfway reasonable) carries suggestions that there is a new version or variant of Pony Loader. These are in no way conclusive given only two data points, but we will be keeping an eye on this one and suggest that you do the same.
Can't Exterminate NJRAT
Next, we have NJRAT percolating back into the #2 spot, followed by Quasar, this week. Based on external intelligence and on digging into the intel behind the most recent indicators for these two threats, it appears that most of this activity is tied to Iranian operations. From Recorded Future: "Our research found that APT33, or a closely aligned threat actor, continues to conduct and prepare for widespread cyber espionage activity, with over 1,200 domains used since March 28, 2019, and with a strong emphasis on using commodity malware."