{
  "name": "Stonefly: Extortion Attacks Continue Against U.S. Targets",
  "slug": "stonefly-extortion-attacks-continue-against-us-targets",
  "description": "Stonefly\u2019s custom malware Backdoor.Preft (aka Dtrack, Valefor), a tool exclusively associated with the group, was deployed in several of the attacks. Several Stonefly indicators of compromise recently documented by Microsoft were also found on the compromised networks. The attackers used a fake Tableau certificate documented by Microsoft, along with two other certificates (see Indicators of Compromise) that appear to be unique to this campaign.",
  "published": "2024-10-03T15:08:10+00:00",
  "created_at": "2024-10-03T15:08:10+00:00",
  "modified_at": "2024-10-03T15:23:11+00:00",
  "created_at_opencti": "2024-10-03T15:08:10+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-10-03",
    "megatools",
    "mimikatz",
    "plink",
    "snap2html"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "51.81.168.157"
      },
      {
        "id": "",
        "name": "216.120.201.112"
      },
      {
        "id": "",
        "name": "144.208.127.115"
      },
      {
        "id": "",
        "name": "217.195.153.209"
      },
      {
        "id": "",
        "name": "172.96.137.224"
      },
      {
        "id": "",
        "name": "fce7db964bef4b37f2f430c6ea99f439e5be06e047f6386222826df133b3a047"
      },
      {
        "id": "",
        "name": "f64dab23c50e3d131abcc1bdbb35ce9d68a34920dd77677730568c24a84411c5"
      },
      {
        "id": "",
        "name": "f3f17480a3e5c86d1ed876243a06db9b4d7d6aea91e284fa555882e0f1360206"
      },
      {
        "id": "",
        "name": "f0bc0f94ac743185e6d0c865a9e162f4ce2f306df13b2ea80df984160eb3363c"
      },
      {
        "id": "",
        "name": "ee7926b30c734b49f373b88b3f0d73a761b832585ac235eda68cf9435c931269"
      },
      {
        "id": "",
        "name": "ee017325a743516155210f367272ac736bbfc8284b9613180744f26dda6502b0"
      },
      {
        "id": "",
        "name": "ea2867c5de97e512b9780b6e73c075291259f5b24e95569ccbb05ed249d511a3"
      },
      {
        "id": "",
        "name": "e5d56cb7085ed8caf6c8269f4110265f9fb9cc7d8a91c498f3e2818fc978eee2"
      },
      {
        "id": "",
        "name": "e11e57d6d0944c2856828a287a868af96b47be32d4fe411f58dae4f0fe45ee2d"
      },
      {
        "id": "",
        "name": "d867aaa627389c377a29f01493e9dff517f30db8441bf2ccc8f80c48eaa0bf91"
      },
      {
        "id": "",
        "name": "d71f478b1d5b8e489f5daafda99ad203de356095278c216a421694517826b79a"
      },
      {
        "id": "",
        "name": "cdd079bcb01e0f1229194f1f0ff9b6261e24ee16f8f75ec83763a33561c2071a"
      },
      {
        "id": "",
        "name": "c5a6a18ec53a8743853112f58dd1fcc73d0b2fc6e9cb73b2424e29d78b4504df"
      },
      {
        "id": "",
        "name": "ac6f6c77e0c9082f85324dcde9aabbdd1c4dcd51b78e45d1d8ace4d1648213dd"
      },
      {
        "id": "",
        "name": "a7711b8314b256d279e104ea3809f0668d3615fba584ca887d9c495795d0a98e"
      },
      {
        "id": "",
        "name": "a65cefb3c2ccdb50704b1af1008a1f8c7266aa85bd24aaf21f6eb1ddd5b79c81"
      },
      {
        "id": "",
        "name": "966319464e10b5a1ccc214a76a57ecf8afb322055f55154cf6e039c7373fd5e7"
      },
      {
        "id": "",
        "name": "94eef46095c231b1ee33cd63e063d8a2fc663e44832e45a294cf8d8cf9df31f8"
      },
      {
        "id": "",
        "name": "93b75bc724a4a85b93fb749b734381ef79ab54c2debf27907794c8fd632fa0f5"
      },
      {
        "id": "",
        "name": "89aa7b67e9476d0f91df71a2b92ebe21f63f218afb6446296403f34f91831d15"
      },
      {
        "id": "",
        "name": "88b3c100d4a3168b1807fe9d1c4cb9d772e294c1cdf29ff287bc451d37891d8c"
      },
      {
        "id": "",
        "name": "7bec0b28eb52f7a2e218367c0fef91e83c9df8f0463d55f3a064a2d6ca77c8d0"
      },
      {
        "id": "",
        "name": "7ab3f076e70350f06ad19863fdd9e794648020f621c0b1bd20ad4d80f0745142"
      },
      {
        "id": "",
        "name": "75448c81d54acb16dd8f5c14e3d4713b3228858e07e437875fbea9b13f431437"
      },
      {
        "id": "",
        "name": "6de5219d913ed93389ae8e9e295695da1adc889c0352a9069f9921a0a2cb5ec6"
      },
      {
        "id": "",
        "name": "5df907d0ff950194758a8ef32dabe78c31c7470c6e771c4f82e4c135a898f8fb"
      },
      {
        "id": "",
        "name": "58d267dd80298c6d582ea7e45cf85a6e665d172d4122cc029cbcd427a33c2472"
      },
      {
        "id": "",
        "name": "5633691b680b46b8bd791a656b0bb9fe94e6354f389ab7bc6b96d007c9d41ffa"
      },
      {
        "id": "",
        "name": "511a75b2daca294db39d0e82e7af6161e67aab557b6b86bfea39ccbd2d7b40ae"
      },
      {
        "id": "",
        "name": "4ef8f3be7615392e4fe5751c9647ede1c6be2d2723af9b0fab69b6e58543e6ca"
      },
      {
        "id": "",
        "name": "485465f38582377f9496a6c77262670a313d8c6e01fd29a5dbd919b9a40e68d5"
      },
      {
        "id": "",
        "name": "42d52a78058954fcb85f538c86253214bacf475b4abecf3b426dad9d5b6543d6"
      },
      {
        "id": "",
        "name": "3f880395c9d5820c4018daecf56711ce4ee719736590792f652ea29cbcbdb8f3"
      },
      {
        "id": "",
        "name": "3b1fa5ffbdc79a395df274d558eed7cfebb3863d2cf4607c816a6e7d26007899"
      },
      {
        "id": "",
        "name": "37b1c57120760acefb6ad9a99eb1a7dfa49d4ee6c4e6afcc09b385c24c5f0639"
      },
      {
        "id": "",
        "name": "35bbea3e077e63616e6785b667ddc67c3360be80b690fd0eea4e531b38777b0c"
      },
      {
        "id": "",
        "name": "2c70973b2b70e60f4187cb704bbc3c74da25a526828384b841b53778fb53fd38"
      },
      {
        "id": "",
        "name": "28149b1e55551948a629dcd2dacad32f6a197ed9324dc08b27ff00fa0bf0d909"
      },
      {
        "id": "",
        "name": "2b254ae6690c9e37fa7d249e8578ee27393e47db1913816b4982867584be713a"
      },
      {
        "id": "",
        "name": "243ad5458706e5c836f8eb88a9f67e136f1fa76ed44868217dc995a8c7d07bf7"
      },
      {
        "id": "",
        "name": "1e2fad6c77410965ea2b3a5d36e8d980d839cc7a2b6f2e2d795d915e496ff398"
      },
      {
        "id": "",
        "name": "12bf9fe2a68acb56eb01ca97388a1269b391f07831fd37a1371852ed5df44444"
      },
      {
        "id": "",
        "name": "09795d17d027c561e8e48f6089a8cf37e71c5985afbf7f51945fc359b4697a16"
      },
      {
        "id": "",
        "name": "003815b3b170437316614c66e63fc0750e459f47cb0caf2af9cf584fffee4916"
      },
      {
        "id": "",
        "name": "96118268f9ab475860c3ae3edf00d9ee944d6440fd60a1673f770d150bfb16d3"
      }
    ],
    "attack_patterns": [
      {
        "id": "25792a4b-d837-4423-bb77-e15f98c9b0f9",
        "name": "T1114.001"
      },
      {
        "id": "e7d42089-23ed-495f-a2bc-c942c4e56fb7",
        "name": "T1573.002"
      },
      {
        "id": "14660ccf-ca6b-42f6-8bca-e1b7a04650b3",
        "name": "T1573.001"
      },
      {
        "id": "32b33067-6566-4b8d-be80-e96f765d84de",
        "name": "T1059.001"
      },
      {
        "id": "667462db-9031-48eb-893a-05d35f9330a7",
        "name": "T1056.001"
      },
      {
        "id": "8e0fea81-4d54-4e88-a7dd-3aa8b26558ed",
        "name": "T1113"
      },
      {
        "id": "196f2a64-c55b-47a6-8e38-beb76ba700b6",
        "name": "T1204.002"
      },
      {
        "id": "dc410646-9cdd-427b-92e7-179a54f78f90",
        "name": "T1566.001"
      },
      {
        "id": "0156fcda-e385-4662-b388-086c3e16feec",
        "name": "T1140"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Defense"
      }
    ]
  },
  "external_refs": [
    "https://symantec-enterprise-blogs.security.com/threat-intelligence/stonefly-north-korea-extortion",
    "https://otx.alienvault.com/pulse/66fecf7a10bc3e96bf7e26ac"
  ]
}