From 29aa7b3f69df98bdd5bed9de8a9e593b6f09fcad Mon Sep 17 00:00:00 2001
From: Delta-Sierra
Date: Fri, 8 Jul 2022 14:49:12 +0200
Subject: [PATCH] add Maui ransomware

---
 clusters/ransomware.json | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index c39e63c6..371526ca 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -24555,7 +24555,18 @@
 },
 "uuid": "5617e6fa-4e6a-4011-9385-6b1165786563",
 "value": "HelloXD"
+ },
+ {
+ "description": "Maui ransomware stand out because of a lack of several key features commonly seen with tooling from RaaS providers, such as an embedded ransom note to provide recovery instructions or automated means of transmitting encryption keys to attackers. Instead, it is believed that Maui is manually operated, in which operators will specify which files to encrypt when executing it and then exfiltrate the resulting runtime artifacts. There are many aspects to Maui ransomware that are unknown, including usage context.",
+ "meta": {
+ "refs": [
+ "https://stairwell.com/wp-content/uploads/2022/07/Stairwell-Threat-Report-Maui-Ransomware.pdf",
+ "https://www.cisa.gov/uscert/ncas/alerts/aa22-187a"
+ ]
+ },
+ "uuid": "995c3772-dbda-4a2a-9e28-c47740d599a3",
+ "value": "Maui ransomware"
 }
 ],
- "version": 103
+ "version": 104
 }
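Review bot: The new entry's `"value": "Maui ransomware"` carries a "ransomware" suffix that the neighbouring entry visible in this hunk (`"value": "HelloXD"`) does not, so the resulting galaxy tag may fail to correlate with reports and feeds that name the family simply "Maui"; consider `"value": "Maui"`, or keep the value and add `"synonyms": ["Maui"]` under `meta`. The description opens with "Maui ransomware stand out", which should read `"Maui ransomware stands out because of ..."`. Its closing sentence says the usage context is unknown, while the second reference (the CISA alert) appears to give targeting and attribution context; if so, a short sentence summarising it would make the entry more useful for triage. The uniqueness of the new UUID against the rest of the file cannot be checked from this hunk.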