| Category | Details | References |
|---|---|---|
| Actors | | |
| First Observed | May 2021 | 1 |
| Threat Actors | North Korea | 2 |
| Environment | | |
| Platforms | Windows | |
| Artifacts | | |
| Extensions | TBD | |
| Ransomware Notes | TBD | |
| Services It Disables | TBD | |
| Other Observables | maui.evd: RSA private key generated at runtime, encrypted using hard-coded public key; maui.key: RSA public key generated at runtime, encoded using XOR key generated from hard drive information; maui.log: Log file containing console output from execution | 3 |
| Automation | | |
| Automatically Gains Access | TBD | |
| Automatically Escalates Privileges | TBD | |
| Requires Human Interaction | TBD | |
| Automatic Exfiltration | TBD | |
| Automatic Propagation | TBD | |

Please note, this page was last updated at 2023-03-14 20:21.