APT / THREAT GROUP

Maggie

2
aliases
Last seen:Mar 17, 2026

Intelligence Profile

According to DCSO, this malware is written as a Extended Stored Procedure for a MSSQL server. The backdoor has capabilities to bruteforce logins to other MSSQL servers, adding a special hardcoded backdoor user in the case of successfully bruteforcing admin logins.

Threat Analysis

Maggie is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

Intelligence Reports Mentioning Maggie

External References

Quick Facts

TypeAPT / Threat Group
Aliases2

Also Known As

win.maggieMaggie

External Intelligence

Malpedia: win.maggie

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.