StripedFly

StripedFly (also known as StripedFly) is a malware active since 2017. Stealthy cross-platform malware. Key characteristics include: cross-platform (Win/Linux), crypto mining, EternalBlue propagation, TOR C2, 1M+ infections, APT-level sophistication.

Overview & Background

Stealthy cross-platform malware. First identified in 2017, this threat is attributed to Unknown (APT-level).

Threat Assessment

StripedFly remains an active threat. Organizations should implement detection rules and monitor for indicators associated with this malware.

Category: Malware
Active since: 2017
Attribution: Unknown (APT-level)
Also known as: StripedFly

Technical Analysis

StripedFly employs the following capabilities and techniques:

Cross-Platform (Win/Linux): Core functionality
Crypto Mining: Core functionality
Eternalblue Propagation: Core functionality
Tor C2: Core functionality
1M+ Infections: Core functionality
Apt-Level Sophistication: Core functionality

MITRE ATT&CK Mapping

Tactic	Technique	Usage
Initial Access	T1566.001 Phishing Attachment	Common delivery vector
Execution	T1204.002 Malicious File	User-triggered execution
Persistence	T1547.001 Registry Run Keys	Autostart persistence
Defense Evasion	T1027 Obfuscated Files	Payload obfuscation
C2	T1071.001 Web Protocols	HTTP/HTTPS C2

Detection & Defense

Endpoint detection: Deploy behavioral detection rules for StripedFly indicators
Network monitoring: Monitor for C2 traffic patterns and anomalous connections
Threat intelligence: Track StripedFly IOCs and campaign updates
Security awareness: Train users to recognize phishing and social engineering
Patch management: Keep systems updated to prevent exploitation

Defend Against StripedFly

Mjolnir Security provides detection and response capabilities against StripedFly and similar threats.

Threat DetectionIncident ResponseThreat HuntingMDR ServicesThreat Intelligence

Proactive Threat Hunting Hunt for StripedFly indicators and TTPs within your environment.
Threat Intelligence Monitor StripedFly campaigns and infrastructure changes.
24/7 Incident Response Rapid containment and forensic investigation. Call +1 833 403 5875.

Written by: Mjolnir Security  |  Published: March 20, 2025

Overview & Background

Technical Analysis

MITRE ATT&CK Mapping

Detection & Defense

Defend Against StripedFly

Cobalt Strike: When Red Team Tools Become the Adversary's Arsenal

RedLine Stealer: The Infostealer That Fueled a Cybercrime Empire