malware-notes/Maze.md at master · albertzsigovits/malware-notes
Common Information
Type Value
UUID e4333707-df80-4741-9760-f36657954775
Fingerprint d92637e643c7799
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 1, 2022, midnight
Added to db Sept. 26, 2022, 9:31 a.m.
Last updated Nov. 17, 2024, 5:57 p.m.
Headline Maze ransomware
Detected Hints/Tags/Attributes 25/1/45
Attributes
Details Type #Events CTI Value
Details Domain 1
maze.md
Details Domain 1373
twitter.com
Details Domain 5
mazenews.top
Details Domain 179
www.torproject.org
Details Domain 3
aoacugmutagkwctu.onion
Details Domain 5
mazedecrypt.top
Details File 7
decrypt-files.txt
Details File 1
c35e0a1a78e8cdbc.tmp
Details Pdb 1
c:\random\fucking\path\to\fucking\idiotic\nonexisting\file\with\pdb\extension.pdb
Details Pdb 1
c:\vc5\release\zeroaccess.pdb
Details Pdb 1
c:\shit\gavno.pdb
Details Pdb 1
c:\demonslay335\emsisoft_work\ransomware\hutchins.pdb
Details Url 1
https://twitter.com/vk_intel/status/1189431136398794752
Details Url 1
https://twitter.com/vk_intel/status/1186346215388131333
Details Url 1
https://twitter.com/vk_intel/status/1185255932474904576
Details Url 1
https://twitter.com/malwaretechblog/status/1184926173861572608
Details Url 2
http://mazenews.top
Details Url 63
https://www.torproject.org
Details Url 1
http://aoacugmutagkwctu.onion/%userid%
Details Url 1
https://mazedecrypt.top/%userid%
Details Yara rule 1
rule maze_caro {
	condition:
		new_file and signatures matches /.*Ransom.*Maze.*/
}