Stonefly: Extortion Attacks Continue Against U.S. Targets
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
In several of the attacks, Stonefly’s custom malware Backdoor.Preft (aka Dtrack, Valefor) was deployed. This tool is exclusively associated with the group. In addition to this, several Stonefly indicators of compromise recently documented by Microsoft were found on the compromised networks. The attackers used a fake Tableau certificate documented by Microsoft in addition to two other certificates (see Indicators of Compromise) that appear to be unique to this campaign.
OPENCTI LABELS:
mimikatz, snap2html, megatools, plink
Open in the NetmanageIT OpenCTI public instance with the link below.
Use the public read-only username and password shown on the login page.