Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-06 00:31:53 UTC

Tool: Maze

Names: Maze, ChaCha
Category: Malware
Type: Ransomware, Big Game Hunting

Description: Maze Ransomware encrypts files and makes them inaccessible while adding a custom extension containing part of the ID of the victim. The ransom note is placed inside a text file and an htm file. There are a few different extensions appended to files which are randomly generated. Actors are known to exfiltrate the data from the network for further extortion. It spreads mainly using email spam and various exploit kits (Spelevo, Fallout). The code of Maze ransomware is highly complicated and obfuscated, which helps to evade security solutions using signature-based detections.

Information: MITRE ATT&CK, Malpedia, Playbook

Last change to this tool card: 30 December 2022

All groups using tool Maze

Changed | Name | Country | Observed
APT groups
 | TA2101, Maze Team | [Unknown] | 2019-Feb 2024

1 group listed (1 APT, 0 other, 0 unknown)

Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=6b19a42e-91bb-4261-a38f-06cd033e2781