Cyber Resilience

Threat actor · all actors

Maui ransomwareMISP-995c3772 criminal

aka Maui ransomware

Last updated: 2026-07-03

11attributed CVEs
0ATT&CK techniques
31.9IDF score (tooling uniqueness)
0exclusive CVEs
2018–2022years active

About this actor

Maui ransomware stand out because of a lack of several key features commonly seen with tooling from RaaS providers, such as an embedded ransom note to provide recovery instructions or automated means of transmitting encryption keys to attackers. Instead, it is believed that Maui is manually operated, in which operators will specify which files to encrypt when executing it and then exfiltrate the resulting runtime artifacts. There are many aspects to Maui ransomware that are unknown, including usage context.

Activity timeline

Profile

CVERiskCVSSEPSSPublishedProducts
CVE-2021-3018 8.09.80.79332021-01-05see CVE
CVE-2021-44142 8.08.80.74042022-02-21see CVE
CVE-2021-45837 8.09.80.81082022-04-25see CVE
CVE-2021-40684 7.09.10.01152021-09-22see CVE
CVE-2022-24663 7.09.90.02102022-02-16see CVE
CVE-2022-24664 7.09.90.01592022-02-16see CVE
CVE-2022-24665 7.09.90.02442022-02-16see CVE
CVE-2019-15637 6.08.10.22732019-08-26see CVE
CVE-2022-22005 6.08.80.17212022-02-09see CVE
CVE-2017-4946 5.57.80.00512018-01-05see CVE
CVE-2022-24785 5.57.50.05662022-04-04see CVE

No techniques attributed.

Co-occurring actors

Similar actors

Overlapping CVEs

Active in same years

Same category