Stripedfly

Threat Actor updated 5 months ago (2024-05-04T19:19:28.402Z)
Download STIX
Preview STIX
StripedFly is a malicious threat actor that has been active since at least April 9, 2016, as indicated by the earliest known version of StripedFly incorporating the EternalBlue exploit. The authors behind StripedFly show parallels with the EternalBlue exploit, which is notorious for its use in widespread cyber attacks. This group's activities remained undetected until August 24, 2017, over a year after their initial appearance, demonstrating their ability to operate covertly and effectively. The StripedFly malware exhibits similarities to the ThunderCrypt ransomware in terms of functionality and modules, suggesting a possible connection or shared origin between the two. This overlap may indicate that the group behind StripedFly could also be responsible for the development or deployment of ThunderCrypt. However, as of now, the precise identity of the individuals or entities behind StripedFly remains unknown. By October 2023, StripedFly had reportedly infected over 1 million PCs, highlighting its significant reach and impact. Despite this widespread infection, the cybersecurity industry continues to struggle in definitively attributing the malware to a specific source. As such, ongoing vigilance and robust defensive measures are critical to mitigate the threat posed by this elusive and potent threat actor.
Description last updated: 2024-05-04T18:36:47.029Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Thundercrypt is a possible alias for Stripedfly. ThunderCrypt is a threat actor that first emerged on April 20, 2017, with the introduction of its earliest version of ransomware. This initial version did not utilize the EternalBlue exploit. The cybersecurity community became aware of ThunderCrypt through an analysis of related malware, leading to
2
Eternalblue is a possible alias for Stripedfly. EternalBlue is a software vulnerability that exists due to a flaw in the design or implementation of the Windows Server Message Block (SMB). This vulnerability, officially known as CVE-2017-0144, was made public after the Shadow Brokers group leaked an exploit developed by the U.S. National Security
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Ransomware
Windows
Linux
Exploit
Kaspersky
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Stripedfly Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago
CERT-EU
a year ago