Welcome to our OSINT Threat Report, a weekly digest of trending threats reported by TruSTAR platform users. Related posts here.
NJRat, Pony, Gandcrab Updates
This week, NJRAT and PONY remain in the top three with NJRAT activity now outpacing PONY by a fair margin. Interestingly, there's been a spike in GANDCRAB reporting over the past week that it's the second most reported malware on the platform. Doing some digging this seems to be that while the makers of Gandcrab announced their retirement, they have actually rebranded themselves with the REvil ransomware. Krebs did a nice writeup on this which is highly recommended reading if you have concerns around this ransomware.
So in terms of malware ranking this week we have NJRAT, GANDCRAB, and PONY/FAREIT. While there is a fair amount of attribution reporting for the NJRAT activity from RecordedFuture, we'd caution that it is still a piece of commodity malware and thus there are likely to be multiple users and campaigns utilizing this malware.
Trickbot
As a final note, we still see Trickbot as a significant threat and continue to see adaptations for the malicious tool now the fourth most reported on TruSTAR. And while we don't know if Emotet is merely down for retooling or if the actors behind it have simply closed up shop, but its noticeable drop over the last few weeks has been striking.
View this OSINT Threat Report on TruSTAR to correlate IOCs with your own data:
Not on TruSTAR yet? Request a demo, and in the meantime download IOCs via .txt file: