Andariel deploys DTrack and Maui ransomware
2022-08-09 • Kaspersky •
https://securelist.com/andariel-deploys-dtrack-and-maui-ransomware/107063/
Kaspersky attributed a 2021 Maui ransomware incident to Andariel (also tracked as Silent Chollima and Stonefly) with low-to-medium confidence, based on the deployment of DTrack, the use of 3proxy, and overlap with previously observed Andariel activity. In the Japanese victim environment, a DTrack variant was deployed roughly ten hours before Maui and collected host data: network configuration, the running process list, netstat output, interface details, ping results, and browser history. Maui was then launched from a path under the Windows temporary directory with arguments that set eight encryption threads, enabled self-deletion, and targeted the E: drive; its key files were written to the same temporary directory. Further DTrack infections in India, Vietnam, and Russia, together with the exploitation of vulnerable HFS and WebLogic services, point to opportunistic, global targeting of organizations with the means to pay rather than a focus on a single sector.
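The sequence above (a burst of host reconnaissance, then roughly ten hours later an executable run out of the Windows Temp directory that drops files beside itself) is the kind of pattern a detection engineer can correlate from process-creation and file-creation telemetry. The script below is an added illustration and is not code from the Kaspersky report; the log records, the host names, the binary name `enc.exe`, its command-line flags, and the `.key` file name are all constructed for the example and are not the real Maui or DTrack artifacts. It flags an execution from `C:\Windows\Temp` only when at least three distinct reconnaissance tools ran on the same host within the preceding 24 hours, and it lists any files that binary then wrote back into Temp.

```python
"""Correlate host reconnaissance with a later execution from the Windows Temp
directory, modelled on the DTrack-then-Maui sequence summarised above.

Constructed example: every record in SAMPLE_LOG is made up for illustration and
is not taken from the Kaspersky report. Fields follow a simplified Sysmon-like
schema: event 1 = process creation, event 11 = file creation.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

RECON_TOOLS = {"ipconfig.exe", "netstat.exe", "tasklist.exe", "ping.exe"}
TEMP_DIR = PureWindowsPath(r"C:\Windows\Temp")
FOLLOW_WINDOW = timedelta(hours=24)   # Temp execution must follow recon within this window
MIN_RECON_TOOLS = 3                   # distinct recon binaries required before alerting


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    event_id: int   # 1 = process create, 11 = file create
    image: str      # executable path (event 1) or the writing process (event 11)
    detail: str     # command line (event 1) or target file path (event 11)


def parse(line: str) -> Event:
    """Parse one constructed pipe-separated record into an Event."""
    ts, host, eid, image, detail = line.split("|", 4)
    return Event(datetime.fromisoformat(ts), host, int(eid), image, detail)


def in_temp(path: str) -> bool:
    """True if path is a file or subpath under C:\\Windows\\Temp (case-insensitive)."""
    parts = [s.lower() for s in PureWindowsPath(path).parts]
    want = [s.lower() for s in TEMP_DIR.parts]
    return len(parts) > len(want) and parts[: len(want)] == want


def detect(lines: list[str]) -> list[dict]:
    """Return one alert per Windows-Temp execution that was preceded, on the same
    host and within FOLLOW_WINDOW, by at least MIN_RECON_TOOLS distinct recon tools."""
    events = sorted((parse(l) for l in lines), key=lambda e: e.ts)
    by_host: dict[str, list[Event]] = {}
    for e in events:
        by_host.setdefault(e.host, []).append(e)

    alerts: list[dict] = []
    for host, evs in by_host.items():
        recon = [e for e in evs if e.event_id == 1
                 and PureWindowsPath(e.image).name.lower() in RECON_TOOLS]
        for x in (e for e in evs if e.event_id == 1 and in_temp(e.image)):
            prior = [r for r in recon if timedelta(0) <= x.ts - r.ts <= FOLLOW_WINDOW]
            tools = sorted({PureWindowsPath(r.image).name.lower() for r in prior})
            if len(tools) < MIN_RECON_TOOLS:
                continue
            # Files the suspicious binary wrote back into Temp (e.g. key material).
            written = [f.detail for f in evs if f.event_id == 11 and f.ts >= x.ts
                       and f.image.lower() == x.image.lower() and in_temp(f.detail)]
            alerts.append({
                "host": host,
                "image": x.image,
                "command_line": x.detail,
                "recon_tools": tools,
                "lead_hours": round((x.ts - min(r.ts for r in prior)).total_seconds() / 3600, 2),
                "files_written_in_temp": written,
            })
    return alerts


# Constructed telemetry. HOST-A mirrors the described sequence with a made-up
# binary name and flags; HOST-B is a benign admin session that must not alert.
SAMPLE_LOG = [
    r"2021-06-01T01:05:00|HOST-A|1|C:\Windows\System32\ipconfig.exe|ipconfig /all",
    r"2021-06-01T01:05:10|HOST-A|1|C:\Windows\System32\netstat.exe|netstat -naop tcp",
    r"2021-06-01T01:05:20|HOST-A|1|C:\Windows\System32\tasklist.exe|tasklist",
    r"2021-06-01T01:05:40|HOST-A|1|C:\Windows\System32\PING.EXE|ping 10.0.0.1",
    r"2021-06-01T11:02:00|HOST-A|1|C:\Windows\Temp\enc.exe|enc.exe --threads 8 --self-delete E:",
    r"2021-06-01T11:02:05|HOST-A|11|C:\Windows\Temp\enc.exe|C:\Windows\Temp\enc.key",
    r"2021-06-01T09:00:00|HOST-B|1|C:\Windows\System32\ipconfig.exe|ipconfig",
    r"2021-06-01T09:30:00|HOST-B|1|C:\Users\bob\AppData\Local\Temp\setup.exe|setup.exe /S",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The 24-hour follow window is deliberately wide: the report puts about ten hours between DTrack and Maui, and a narrower window would miss an operator who waits longer. Requiring several distinct reconnaissance binaries, rather than any single one, is what keeps a lone `ipconfig` from an administrator (HOST-B) below the threshold.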