QuoIntelligence’s Weekly Intelligence Snapshot for the week of 20 May – 27 May 2020 is now available!



Current Threat

Industries impacted: ANY 

Microsoft announced a new Java-based ransomware family dubbed PonyFinal, deployed in “human-operated” ransomware attacks. Microsoft describes the attack scenario for PonyFinal as attackers first gaining access via brute-force attacks against the target company’s systems management server, then running additional tools for data exfiltration and bypassing event logging.

Threat Actor

Industries impacted: ANY, Consumer Discretionary, Financials, Materials, Information Technology

In the last week, QuoINT identified new activity attributed to Golden Chickens involving two Malware-as-a-Service tools using a previously unknown digital certificate, and released a technical brief detailing attack activity and various tools with notable code observed throughout March and April. QuoIntelligence covered both topics in a Warning and the technical brief, respectively, which were distributed to Premium customers.

Researchers at ESET detailed a new backdoor malware dubbed PipeMon, discovered in February 2020 and used in an attack campaign attributed to the Winnti Group, which targeted several unnamed video gaming companies in South Korea and Taiwan.


  • Berserk Bear: Targeting German Companies Through Supply Chain Attacks
  • Facebook Profile Data of 500 Million Users For Sale on Underground Forum
  • New ZLoader Banking Malware Variant Discovered and Observed in over 100 Campaigns Since January 2020
  • A New Campaign Distributes Ragnar Locker Within A Virtual Machine To Evade Detection

  • Researcher Revealed Proof-of-Concept (PoC) of a Privilege Escalation Vulnerability in Docker Desktop Service for Windows
  • APT39: Targeting Air Transportation and Government Organization in the Middle East


Industries impacted: Government

China’s government is currently holding the annual ‘two sessions’, which comprises meetings of the National People’s Congress (NPC) – the national legislature of China – and the Chinese People’s Political Consultative Conference (CPPCC), after initially being delayed from March due to COVID-19.


  • UK’s Data Protection Authority Releases Report on Data Security Incidents
  • Israel’s Prime Minister Netanyahu Speaks of “historic opportunity” to Claim Parts of West Bank