Pony Malware - How to Protect User and Wallet Data
Tags
country: Canada Jordan
maec-delivery-vectors: Watering Hole
attack-pattern: Data Botnet - T1583.005 Botnet - T1584.005 Cloud Services - T1021.007 Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Email Accounts - T1585.002 Email Accounts - T1586.002 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Server - T1583.004 Server - T1584.004 Software - T1592.002 Visual Basic - T1059.005
Show in Graph
Common Information
Type Value
UUID 2a857594-d3cb-49bc-9f4a-394956633ebf
Fingerprint bd1c0dd8afa28a8e
Analysis status DONE
Considered CTI value -2
Text language
Published Jan. 25, 2018, 2:39 a.m.
Added to db Jan. 18, 2023, 11:31 p.m.
Last updated Sept. 4, 2024, 5:40 p.m.
Headline Pony Malware – How to Protect User and Wallet Data
Title Pony Malware - How to Protect User and Wallet Data
Detected Hints/Tags/Attributes 70/3/9
Source URLs
Redirection Url
Details Source https://www.netskope.com/blog/pony-loader-exfiltrates-user-wallet-data/
URL Provider
Details Provider Source level domain
Details netskope.com www.netskope.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
mangiaine.com
Details Domain 1 
maingiane.com
Details Domain 2 
bitcoin-dns.hosting
Details Domain 1 
prontocasamos.com.br
Details File 2 
order.ace
Details File 1 
11-2017.exe
Details File 47 
order.exe
Details Url 1 
http://mangiaine.com/bobventures/panel/gate.php
Details Url 1 
http://prontocasamos.com.br/wp-includes/pomo/.cert/grsec/encode.php