RANSOMWARE OPERATION💰 FINANCIAL

maze

Limited data

Intelligence Profile

Maze ransomware group is one of the most known ransomware gangs, they targeted organizations worldwide across many industries. Security researchers believed that Maze operates as an affiliated network model. MAZE was one of the first groups that made a 'Double Extortion Attack' involved Allied Universal, in November 2019, the group leaks their victim's data in the darknet. On November 1, 2020, MAZE announced an official press release that they are closing their operation. is malware targeting organizations worldwide across many industries. Security researchers claim that the threat actor behind the MAZE group is 'TA2101'.

Threat Analysis

maze is a ransomware operation that deploys encryption-based extortion against organizations globally. This group maintains a data leak site (DLS) to pressure victims into paying ransom demands.

Financially motivated threat actors like maze prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.

Intelligence Reports Mentioning maze

Quick Facts

TypeRansomware Operation
Motivation💰 financial

DLS Infrastructure

○ OFFLINExfr3txoorcyy7tikjgj5dk3rvo3vsrpyaxnclyohkbfp3h277ap4tiad.onion
○ OFFLINEaoacugmutagkwctu.onion
● ONLINEmazedecrypt.top
○ OFFLINEdnspexdevfbct2agyu3oxrmhm4ggf4ec6iwpnlb3kwb2rigrtuz3sayd.onion
○ OFFLINExjypo5vzgmo7jca6b322dnqbsdnp3amd24ybx26x5nxbusccjkm4pwid.onion

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.