Pony
MITRE
Malware Type: Other
First seen: Unknown
Last seen: Unknown
Details:
[Pony](https://attack.mitre.org/software/S0453) is credential-stealing malware, though adversaries have also used it for its downloader capabilities. The source code for Pony Loader 1.0 and 2.0 was leaked online, leading to their use by various threat actors.(Citation: Malwarebytes Pony April 2016)
Associated Techniques (16)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1027.015 | Compression | - |
| T1027.016 | Junk Code Insertion | - |
| T1036 | Masquerading | - |
| T1059.003 | Windows Command Shell | - |
| T1070.004 | File Deletion | - |
| T1071.001 | Web Protocols | - |
| T1082 | System Information Discovery | - |
| T1087.001 | Local Account | - |
| T1105 | Ingress Tool Transfer | - |
| T1106 | Native API | - |
| T1110.001 | Password Guessing | - |
| T1204.001 | Malicious Link | - |
| T1204.002 | Malicious File | - |
| T1497.003 | Time Based Checks | - |
| T1566.001 | Spearphishing Attachment | - |
Metadata
| ID: | 89 |
| Created: | 13/01/2026 17:48 |
| Updated: | 20/04/2026 16:00 |