Threat actor · all actors
Maui ransomwareMISP-995c3772 criminal
aka Maui ransomware
Last updated: 2026-07-03
11attributed CVEs
0ATT&CK techniques
31.9IDF score (tooling uniqueness)
0exclusive CVEs
2018–2022years active
About this actor
Maui ransomware stand out because of a lack of several key features commonly seen with tooling from RaaS providers, such as an embedded ransom note to provide recovery instructions or automated means of transmitting encryption keys to attackers. Instead, it is believed that Maui is manually operated, in which operators will specify which files to encrypt when executing it and then exfiltrate the resulting runtime artifacts. There are many aspects to Maui ransomware that are unknown, including usage context.
Activity timeline
- 2022 — 7 CVE published
- 2021 — 2 CVE published
- 2019 — 1 CVE published
- 2018 — 1 CVE published
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
CVE-2021-3018 | 8.0 | 9.8 | 0.7933 | 2021-01-05 | see CVE |
CVE-2021-44142 | 8.0 | 8.8 | 0.7404 | 2022-02-21 | see CVE |
CVE-2021-45837 | 8.0 | 9.8 | 0.8108 | 2022-04-25 | see CVE |
CVE-2021-40684 | 7.0 | 9.1 | 0.0115 | 2021-09-22 | see CVE |
CVE-2022-24663 | 7.0 | 9.9 | 0.0210 | 2022-02-16 | see CVE |
CVE-2022-24664 | 7.0 | 9.9 | 0.0159 | 2022-02-16 | see CVE |
CVE-2022-24665 | 7.0 | 9.9 | 0.0244 | 2022-02-16 | see CVE |
CVE-2019-15637 | 6.0 | 8.1 | 0.2273 | 2019-08-26 | see CVE |
CVE-2022-22005 | 6.0 | 8.8 | 0.1721 | 2022-02-09 | see CVE |
CVE-2017-4946 | 5.5 | 7.8 | 0.0051 | 2018-01-05 | see CVE |
CVE-2022-24785 | 5.5 | 7.5 | 0.0566 | 2022-04-04 | see CVE |
No techniques attributed.
Co-occurring actors
- Lazarus Group 11 shared CVEs
- Andariel 11 shared CVEs
- Storm-0530 11 shared CVEs
Similar actors
Overlapping CVEs
- Andariel 1.00
- Storm-0530 1.00
- Lazarus Group 0.92
Active in same years
- Lazarus Group 4.00
- Andariel 4.00
- Storm-0530 4.00
- APT29 2.00
- C0018 1.00