Stripedfly

Threat Actor Profile Updated 2 months ago
StripedFly is a threat actor that has been active since at least April 9, 2016, the date of the earliest known version of the StripedFly malware to incorporate the EternalBlue exploit. The code of StripedFly's authors shows parallels with the EternalBlue exploit, which is notorious for its use in widespread cyber attacks. The group's activity remained undetected until August 24, 2017, more than a year after its first appearance, demonstrating its ability to operate covertly and effectively. The StripedFly malware shares functionality and modules with the ThunderCrypt ransomware, which suggests a possible connection or shared origin between the two; the group behind StripedFly may therefore also be responsible for the development or deployment of ThunderCrypt. As of now, however, the precise identity of the individuals or entities behind StripedFly remains unknown. By October 2023, StripedFly had reportedly infected over 1 million PCs, underlining its significant reach and impact. Despite this widespread infection, the cybersecurity industry has still not definitively attributed the malware to a specific source, so ongoing vigilance and robust defensive measures remain critical to mitigating the threat posed by this elusive and potent actor.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Thundercrypt | 2 | ThunderCrypt is a threat actor that first emerged on April 20, 2017, with the introduction of its earliest version of ransomware. This initial version did not utilize the EternalBlue exploit. The cybersecurity community became aware of ThunderCrypt through an analysis of related malware, leading to
Eternalblue | 2 | EternalBlue is a significant software vulnerability that exists in the design or implementation of certain systems. This flaw has been exploited by various cyber threats, with one notable instance being its use as an enabler for the widespread WannaCry ransomware attack. The exploit allows attackers
Equation Group | 1 | The Equation Group, a threat actor suspected of having ties to the United States, has been associated with various sophisticated cyber exploits. The group's EpMe exploit, which existed since at least 2013, was the original exploit for the vulnerability later labeled CVE-2017-0005. Another exploit, E
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Exploit
Ransomware
Windows
Linux
Kaspersky
Espionage
Infiltration
APT
Microsoft
Cryptominer
Nginx
Kubernetes
Reconnaissance
Exploits
Worm
Vulnerability
Payload
Proxy
Antivirus
Associated Malware
ID | Type | Votes | Profile Description
WannaCry | Unspecified | 1 | WannaCry is a notorious malware that was responsible for one of the largest ransomware attacks in history, occurring in 2017. This malicious software, designed to exploit and damage computer systems, infiltrated networks worldwide through suspicious downloads, emails, or websites. Once inside a syst
Associated Threat Actors
ID | Type | Votes | Profile Description
Shadow Brokers | Unspecified | 1 | The Shadow Brokers, a threat actor group, made headlines in the cybersecurity world for their leaks of sophisticated cyber tools believed to be developed by the Equation Group, an Advanced Persistent Threat (APT) group associated with the NSA's Tailored Access Operations unit. The most notable among
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the StripedFly threat actor was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | 9 months ago | StripedFly: Perennially flying under the radar
CERT-EU | 9 months ago | StripedFly: Perennially flying under the radar – GIXtools
CERT-EU | 9 months ago | DEF CON 31 - Andrea Matwyshyn's 'Policy - Putting Your Money Where Your Cyber Is SW Liability'
CERT-EU | 9 months ago | Cyber Security Today, Oct. 27, 2023 – Malware hiding as a cryptominer may have infected 1 million PCs since 2017 | IT World Canada News
CERT-EU | 9 months ago | SAS 2023: Key Research
CERT-EU | 9 months ago | Kaspersky reveals 'elegant' malware resembling NSA code
CERT-EU | 9 months ago | This Week In Security: 1Password, Polyglots, And Roundcube
CERT-EU | 9 months ago | Widespread StripedFly malware framework compromise reported in Windows, Linux systems
CERT-EU | 8 months ago | Sekoia: Latest in the Financial Sector Cyber Threat Landscape
CERT-EU | 8 months ago | StripedFly Malware's Covert Cryptocurrency Mining Operation
CERT-EU | 8 months ago | Les vulnérabilités critiques à suivre (6 novembre 2023)
CERT-EU | 8 months ago | SANS ISC Stormcast: Daily Network Security News Summary; Cyber Security Podcast
CERT-EU | 8 months ago | StripedFly Malware Operated Unnoticed for 5 Years, Infecting 1 Million Devices
CERT-EU | 8 months ago | Unveiling the Newly Discovered StripedFly Malware
CERT-EU | 8 months ago | StripedFly: Cryptomining Tool Infects 1 Million Targets Worldwide
CERT-EU | 8 months ago | StripedFly, a complex malware that infected one million devices without being noticed
Securityaffairs | 8 months ago | StripedFly, a complex malware that infected one million devices without being noticed
CERT-EU | 9 months ago | Powerful Malware Disguised as Crypto Miner Infects 1M+ Windows, Linux PCs - Slashdot
CERT-EU | 9 months ago | Advanced 'StripedFly' Malware With 1 Million Infections Shows Similarities to NSA-Linked Tools