Wapack Labs analyzed two recent Pony/Fareit downloader samples that were submitted to VirusTotal in late September. The samples provided insight into recently registered attacker infrastructure imitating a number of European, US and Bangladeshi companies. Only one domain in this infrastructure is currently detected as malicious on VirusTotal (low detection). Further collection identified additional infrastructure, registered in 2015 and 2016 by 419 actors, imitating banking, US Government, military, and oil and gas organizations. This PIR provides forewarning on infrastructure that will likely be activated as command and control (C2) in the future.
Publication Date: 7 October 2016
Handling requirements: Traffic light protocol (TLP) AMBER
Attribution/Threat
Actors: Criminal
Actor type: Adversary capabilities have been assessed as Tier 1*
Previous reporting: None
*Practitioners who rely on others to develop the malicious code, delivery mechanisms, and execution strategy (use known exploits).
The full attribution report has been published in its entirety in the Red Sky Alliance portal. For more information please contact the lab directly at 844-4-WAPACK, 603-606-1246, or feedback@wapacklabs.com.
About Wapack Labs
Wapack Labs, located in New Boston, NH, is a Cyber Threat Analysis and Intelligence organization supporting the Red Sky Alliance, the FS-ISAC and individual organizations by offering expert-level targeted intelligence analysis answering some of the hardest questions in Cyber. Wapack Labs’ engineers, researchers and analysts use deep analysis techniques and visualization to design and deliver transformational cyber-security analysis tools that fuse open source and proprietary information. The intelligence derived from these tools and techniques serves as the foundation of Wapack Labs’ information reporting to the cyber-security teams of its customers and industry partners located around the world.