Maze
Maze ransomware group is one of the most known ransomware gangs, they targeted organizations worldwide across many industries. Security researchers believed that Maze operates as an affiliated network model. MAZE was one of the first groups that made a 'Double Extortion Attack' involved Allied Universal, in November 2019, the group leaks their victim's data in the darknet. On November 1, 2020, MAZE announced an official press release that they are closing their operation. is malware targeting organizations worldwide across many industries. Security researchers claim that the threat actor behind the MAZE group is 'TA2101'.
External information
- https://www.secureworks.com/research/gold-melody-profile-of-an-initial-access-broker
- https://cloud.google.com/blog/topics/threat-intelligence/unc961-multiverse-financially-motivated/
- https://www.crowdstrike.com/blog/prophet-spider-exploits-citrix-sharefile/
- https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-009.pdf
- https://www.crowdstrike.com/blog/prophet-spider-exploits-oracle-weblogic-to-facilitate-ransomware-activity/
- https://cloud.google.com/blog/topics/threat-intelligence/tactics-techniques-procedures-associated-with-maze-ransomware-incidents
Victims
60
First Discovered
victim2019-10-21
Last Discovered
victim2020-09-11
Avg Delay
between attack and claimN/A
Infostealer
for victim with domain0.0%
Known Locations (1)
| Favicon | Title | Type | Available | Last Visit | FQDN | |
|---|---|---|---|---|---|---|
|
None | No | 2025-06-01 21:19:12 | xfr3txoorcyy7tikjgj5dk3rvo3vsrpyaxnclyohkbfp3h277ap4tiad.onion |
Target (Available)
Top 5 Activity Sectors
- Critical Manufacturing 15
- Information Technology 10
- Financial 7
- Healthcare and Public Health 5
- Transportation Systems 5
Top 5 Countries
-
United States
39
-
Thailand
3
-
Canada
2
-
United Kingdom
2
-
Australia
2
Heatmap (Available)
Ransom Notes (1)
Tools Used (Available)
| Discovery | RMM Tools | Defense Evasion | Credential Theft | OffSec | Networking | LOLBAS | Exfiltration |
|---|---|---|---|---|---|---|---|
|
AdFind
Advanced IP Scanner
Bloodhound
PingCastle
PowerView
ShareFinder
|
|
|
Mimikatz
ProcDump
|
Cobalt Strike
Metasploit
Meterpreter
PowerSploit
|
|
PsExec
WMIC
|
WinSCP
|
Vulnerabilities Exploited (0)
No vulnerabilities exploited available.
TTPs Matrix (0)
No TTPs available.
Negotiation Chats (0)
No negotiation chats available.
YARA Rules (1)
Indicators of Compromise (IoCs) (0)
No IoCs available for this group.
