
Pony

Pony is a credential-stealing malware, though it has also been used by adversaries for its downloader capabilities. The source code for Pony Loader 1.0 and 2.0 was leaked online, leading to its use by various threat actors.(Citation: Malwarebytes Pony April 2016)
ID: S0453
Type: MALWARE
Platforms: Windows
Version: 1.0
Created: 21 May 2020
Last Modified: 25 Jun 2020

Techniques Used

Domain ID Name Use
Enterprise T1087 .001 Account Discovery: Local Account

Pony has used the NetUserEnum function to enumerate local accounts.(Citation: Malwarebytes Pony April 2016)

Enterprise T1071 .001 Application Layer Protocol: Web Protocols

Pony has sent collected information to the C2 via HTTP POST request.(Citation: Malwarebytes Pony April 2016)

Enterprise T1110 .001 Brute Force: Password Guessing

Pony has used a small dictionary of common passwords against a collected list of local accounts.(Citation: Malwarebytes Pony April 2016)

Enterprise T1059 .003 Command and Scripting Interpreter: Windows Command Shell

Pony has used batch scripts to delete itself after execution.(Citation: Malwarebytes Pony April 2016)

Enterprise T1070 .004 Indicator Removal: File Deletion

Pony has used scripts to delete itself after execution.(Citation: Malwarebytes Pony April 2016)

Enterprise T1036 .005 Masquerading: Match Legitimate Name or Location

Pony has used the Adobe Reader icon for the downloaded file to look more trustworthy.(Citation: Malwarebytes Pony April 2016)

Enterprise T1566 .001 Phishing: Spearphishing Attachment

Pony has been delivered via spearphishing attachments.(Citation: Malwarebytes Pony April 2016)

Enterprise T1566 .002 Phishing: Spearphishing Link

Pony has been delivered via spearphishing emails which contained malicious links.(Citation: Malwarebytes Pony April 2016)

Enterprise T1204 .001 User Execution: Malicious Link

Pony has attempted to lure targets into clicking links in spoofed emails from legitimate banks.(Citation: Malwarebytes Pony April 2016)

Enterprise T1204 .002 User Execution: Malicious File

Pony has attempted to lure targets into downloading an attached executable (ZIP, RAR, or CAB archives) or document (PDF or other MS Office format).(Citation: Malwarebytes Pony April 2016)

Enterprise T1497 .003 Virtualization/Sandbox Evasion: Time Based Evasion

Pony has delayed execution using a built-in function to avoid detection and analysis.(Citation: Malwarebytes Pony April 2016)
