ioc[.]one - OSINT Cyber Threat Intelligence Database

Pony | Fareit

Tags

cmtmf-attack-pattern:	Process Injection
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Direct Botnet - T1583.005 Botnet - T1584.005 Domains - T1583.001 Domains - T1584.001 File Deletion - T1070.004 Installutil - T1218.004 Malware - T1587.001 Malware - T1588.001 Msbuild - T1127.001 Phishing - T1660 Phishing - T1566 Process Hollowing - T1055.012 Process Injection - T1631 Registry Run Keys / Startup Folder - T1547.001 Search Engines - T1593.002 Software - T1592.002 Visual Basic - T1059.005 Tool - T1588.002 Installutil - T1118 Masquerading - T1036 Process Hollowing - T1093 Process Injection - T1055

Show in Graph

Common Information

Type	Value
UUID	66da4388-3763-444a-8ba2-ddd336dc1977
Fingerprint	323c18b5a4b712d4
Analysis status	DONE
Considered CTI value	2
Text language
Published	Feb. 4, 2024, midnight
Added to db	Aug. 31, 2024, 7:10 a.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	Pony \| Fareit
Title	Pony \| Fareit
Detected Hints/Tags/Attributes	71/3/30

Source URLs

	Redirection	Url
Details	Source	https://rexorvc0.com/2024/02/04/Pony_Fareit/

URL Provider

Details	Provider	Source level domain
Details	rexorvc0.com	rexorvc0.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	208	✔	RexorVc0	https://rexorvc0.com/atom.xml	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	File	70	vbc.exe
Details	File	48	applaunch.exe
Details	File	149	msbuild.exe
Details	File	83	installutil.exe
Details	File	103	regasm.exe
Details	File	40	aspnet_compiler.exe
Details	File	72	regsvcs.exe
Details	File	101	gate.php
Details	File	86	admin.php
Details	File	376	wscript.exe
Details	File	2125	cmd.exe
Details	File	59	csc.exe
Details	sha256	1	1a1dc33fae444afdd54f6f50dd47ed4b9f673fbc5595dad7b48e78cac0458465
Details	sha256	1	6a581c0c07ceb888ea418fccffd5efba33b9fd6561be1bcf90b0d6ba4deefd05
Details	sha256	1	442b8223413bc9b08a5983da23c5964839b1551ab4a84759d94dc5c9a228eacc
Details	sha256	1	0db43ad0ab0735bf0b84fb780e5e075b0c61c8e884d678430c2324d692afae4b
Details	sha256	1	3887d3d133504bb41d03e8fd96539c38c3accaf5aa97f2948599a473800d0bef
Details	sha256	1	c1be3c17f856344daf7ab2ad08074e94145f371698f52bc93b5dde4030c53f62
Details	sha256	1	f3c2d287c23bc90e0185b416d9e3d0469f4c4eaa21aecd1835061f3677bee67f
Details	sha256	1	c61af2853f0e94d65eca09cea4e00de29a10f03518b0729e859739fd4fffd08d
Details	sha256	1	e9772b945a731b447725680b8ef8b8252c2bb19931005718a8711ae527d532ba
Details	sha256	1	63c825619e3cff8843b7ef1d81b493fa1addc20c548ac98010acc6afd254351a
Details	MITRE ATT&CK Techniques	137	T1059.005
Details	MITRE ATT&CK Techniques	380	T1547.001
Details	MITRE ATT&CK Techniques	297	T1070.004
Details	MITRE ATT&CK Techniques	348	T1036
Details	MITRE ATT&CK Techniques	86	T1055.012
Details	Windows Registry Key	8	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows
Details	Windows Registry Key	47	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Details	Windows Registry Key	3	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce