Design a site like this with
Get started

Maze Ransomware Victim’s data revealed

Recently various successful ransomware attacks are observed, of which Maze Ransomware tops the list. Threat Actors behind Maze Ransomware is attributed as TA2101 by Proofpoint and APT-29 by Talosintelligence.The Maze team is publicly exposing victims by displaying real files exfiltrated from their hacked servers. Threat Actors supposed to have registered the domain mazenews[.]top to release the exfiltrated data.

Homepage of mazenews[.]top

Recent incidents:
Over the past several months, Talos Incident Response responded to several such incidents, where an adversary gained access to an environment, deployed ransomware, and exfiltrated large amounts of data, combining elements of ransomware and doxxing attacks into a single incident.

In one incident, the attacker leveraged CobaltStrike after obtaining access to the network. CobaltStrike is a widely used framework for offensive and red-teaming, which is also commonly used by adversaries to attack their targets. Once the adversary has access, they spend at least a week laterally moving around the network and gathering systems and data along the way. Combined with CobaltStrike, the actor used a technique commonly associated with APT-29, leveraging a named pipe.

Victims List:

On December 11, the group behind the Maze ransomware established a website where victims who refused to pay the ransom were shamed and leaked victim information stolen by the group was exposed.

This trend of achieving maximum monetary gain for their nefarious activities is increasingly common in the crimeware space, as demonstrated by the proliferation of emotet and the millions and millions of dollars in damage that have followed. Expect adversaries to be increasingly aware of the systems and networks they are compromising as all systems and networks are not created equally and some have much higher profit margins, when compromised.

Indicators of Compromise (IoCs):


  • 51461b83f3b8afbcae46145be60f7ff11b5609f1a2341283ad49c03121e6cafe
  • 3627eb2e1940e50ab2e7b3ee703bc5f8663233fe71a872b32178cb118fb3e2d9

Maze Ransomware

  • 04e22ab46a8d5dc5fea6c41ea6fdc913b793a4e33df8f0bc1868b72b180c0e6e
  • 067f1b8f1e0b2bfe286f5169e17834e8cf7f4266b8d97f28ea78995dc81b0e7b
  • 1161b030293e58d15b6a6a814a61a6432cf2c98ce9d156986157b432f3ebcf78
  • 153defee225de889d2ac66605f391f4aeaa8b867b4093c686941e64d0d245a57
  • 195ef8cfabc2e877ebb1a60a19850c714fb0a477592b0a8d61d88f0f96be5de9
  • 30b72e83d66cbe9e724c8e2b21179aecd4bcf68b2ec7895616807df380afab54
  • 33afa2f1d53d5279b6fc87ce6834193fdd7e16e4b44e895aae4b9da00be0c502
  • 4080402553e9a86e954c1d9b7d0bb059786f52aba4a179a5d00e219500c8f43d
  • 5603a16cbf81d183d3ff4ffea5477af1a4be01321865f0978c0e128051ec0a82
  • 58fe9776f33628fd965d1bcc442ec8dc5bfae0c648dcaec400f6090633484806
  • 5c9b7224ffd2029b6ce7b82ea40d63b9d4e4f502169bc91de88b4ea577f52353
  • 6878f7bd90434ac5a76ac2208a5198ce1a60ae20e8505fc110bd8e42b3657d13
  • 6a22220c0fe5f578da11ce22945b63d93172b75452996defdc2ff48756bde6af 
  • 822a264191230f753546407a823c6993e1a83a83a75fa36071a874318893afb8
  • 83f8ce81f71d6f0b1ddc6b4f3add7a5deef8367a29f59b564c9539d6653d1279
  • 877c439da147bab8e2c32f03814e3973c22cbcd112d35bc2735b803ac9113da1
  • 91514e6be3f581a77daa79e2a4905dcbdf6bdcc32ee0f713599a94d453a26fc1
  • 9751ae55b105ad8ffe6fc5dc7aea60ad723b6df67a959aa2ea6f4fa640d20a71
  • 9ad15385f04a6d8dd58b4390e32d876070e339eee6b8da586852d7467514d1b1
  • 9be70b7fe15cd64aed5b1adc88c2d5270bce534d167c4a42d143ae0059c3da1c
  • b30bb0f35a904f67d3ac0082c59770836cc415dc5b7225be04e8d7c79bde73be 
  • c040defb9c90074b489857f328d3e0040ac0ddab26cde132f17cccae7f1309cc 
  • c11b964916457579a268a36e825857866680baf1830cd6e2d26d4e1e24dec91b 
  • ea19736c8e89e871974aabdc0d52ad0f0948159d4cf41d2889f49448cbe5e705 
  • ecd04ebbb3df053ce4efa2b73912fd4d086d1720f9b410235ee9c1e529ea52a2 
  • F491fb72f106e879021b0bb1149c4678fb380c255d2ef11ac4e0897378793f49 
  • fc611f9d09f645f31c4a77a27b6e6b1aec74db916d0712bef5bce052d12c971f


  • 91.218.114[.]4
  • 5.199.167[.]188
  • 185.147.15[.]22




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: