Malware: Pony

Description

[Pony](https://attack.mitre.org/software/S0453) is a credential stealing malware, though has also been used among adversaries for its downloader capabilities. The source code for Pony Loader 1.0 and 2.0 were leaked online, leading to their use by various threat actors.(Citation: Malwarebytes Pony April 2016)

External References

• mitre-attack
• Malwarebytes Pony April 2016

Techniques Used by This Malware

• T1027.015 — Compression
• T1027.016 — Junk Code Insertion
• T1036 — Masquerading
• T1059.003 — Windows Command Shell
• T1070.004 — File Deletion
• T1071.001 — Web Protocols
• T1082 — System Information Discovery
• T1087.001 — Local Account
• T1105 — Ingress Tool Transfer
• T1106 — Native API
• T1110.001 — Password Guessing
• T1204.001 — Malicious Link
• T1204.002 — Malicious File
• T1497.003 — Time Based Evasion
• T1566.001 — Spearphishing Attachment
• T1566.002 — Spearphishing Link