FAREIT  |  INFORMATION STEALER  |  ECRIME
Threat Intelligence  |  Malware  |  November 12, 2025  |  15 min read

Fareit: Threat Intelligence Profile

Classic credential stealer and downloader

Fareit / Pony Stealer (also known as Fareit, Pony, Siplog) is an information stealer active since 2011. It is a classic credential stealer and downloader. Key characteristics include FTP, email and browser credential theft, downloader functionality, and massive spam campaigns.

Overview & Background

Fareit is a classic credential stealer and downloader. First identified in 2011, this threat is attributed to eCrime.

Threat Assessment

Fareit remains an active threat. Organizations should implement detection rules and monitor for indicators associated with this information stealer.

Technical Analysis

Fareit employs the following capabilities and techniques:

MITRE ATT&CK Mapping

Tactic  |  Technique  |  Usage
Initial Access  |  T1566.001 Phishing Attachment  |  Common delivery vector
Execution  |  T1204.002 Malicious File  |  User-triggered execution
Persistence  |  T1547.001 Registry Run Keys  |  Autostart persistence
Defense Evasion  |  T1027 Obfuscated Files  |  Payload obfuscation
C2  |  T1071.001 Web Protocols  |  HTTP/HTTPS C2

Detection & Defense

Defend Against Fareit

Mjolnir Security provides detection and response capabilities against Fareit and similar threats.

Threat Detection  |  Incident Response  |  Threat Hunting  |  MDR Services  |  Threat Intelligence
  • Proactive Threat Hunting: Hunt for Fareit indicators and TTPs within your environment.
  • Threat Intelligence: Monitor Fareit campaigns and infrastructure changes.
  • 24/7 Incident Response: Rapid containment and forensic investigation. Call +1 833 403 5875.
Written by: Mjolnir Security  |  Published: November 12, 2025