From cfc6e2802cf8760e1389e77d3f1452f3eda7fb8f Mon Sep 17 00:00:00 2001
From: rmkml
Date: Tue, 19 Nov 2019 23:15:02 +0100
Subject: [PATCH 1/3] Add Maze Ransomware

---
 clusters/ransomware.json | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 90273df..9ad0e0e 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -13556,7 +13556,20 @@
 },
 "uuid": "6cea5546-1e2c-333a-4faf-033d461360b5",
 "value": "Desync"
+ },
+ {
+ "description": "Maze Ransomware encrypts files and makes them inaccessible while adding a custom extension containing part of the ID of the victim. The ransom note is placed inside a text file and an htm file. There are a few different extensions appended to files which are randomly generated.",
+ "meta": {
+ "encryption": "ChaCha20 and RSA",
+ "refs": [
+ "https://malpedia.caad.fkie.fraunhofer.de/details/win.maze",
+ "https://www.bleepingcomputer.com/news/security/maze-ransomware-now-delivered-by-spelevo-exploit-kit/",
+ "https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us"
+ ]
+ },
+ "uuid": "7cea7746-1f2d-321a-3fbf-044d451350b6",
+ "value": "Maze"
 }
 ],
- "version": 71
+ "version": 72
 }

From 9410326ea2707086f1d6c57cefc163a2b93edfb3 Mon Sep 17 00:00:00 2001
From: rmkml
Date: Thu, 21 Nov 2019 00:55:55 +0100
Subject: [PATCH 2/3] Revert "Add Maze Ransomware"

This reverts commit cfc6e2802cf8760e1389e77d3f1452f3eda7fb8f.

---
 clusters/ransomware.json | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)

diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 9ad0e0e..90273df 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
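Review bot: The `uuid` added for the Maze entry in PATCH 1/3, `7cea7746-1f2d-321a-3fbf-044d451350b6`, does not look generated: it differs from the neighbouring Desync value `6cea5546-1e2c-333a-4faf-033d461360b5` only by small digit shifts, and its fourth group starts with `3`, which is outside the RFC 4122 variant range (`8`, `9`, `a` or `b`). The replacement value in PATCH 3/3, `7cea8846-1f3d-331a-3ebf-055d452351b6`, has the same shape. Cluster UUIDs are presumably what consumers use to link and de-duplicate entries, so a hand-derived value risks colliding with another entry and attaching Maze context to the wrong family; generate a random version-4 UUID instead (for example `python3 -c "import uuid; print(uuid.uuid4())"`) and use it as the `"uuid"` value. The enclosing array of entries starts outside the hunk, so uniqueness against the rest of the file cannot be checked from here.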
@@ -13556,20 +13556,7 @@
 },
 "uuid": "6cea5546-1e2c-333a-4faf-033d461360b5",
 "value": "Desync"
- },
- {
- "description": "Maze Ransomware encrypts files and makes them inaccessible while adding a custom extension containing part of the ID of the victim. The ransom note is placed inside a text file and an htm file. There are a few different extensions appended to files which are randomly generated.",
- "meta": {
- "encryption": "ChaCha20 and RSA",
- "refs": [
- "https://malpedia.caad.fkie.fraunhofer.de/details/win.maze",
- "https://www.bleepingcomputer.com/news/security/maze-ransomware-now-delivered-by-spelevo-exploit-kit/",
- "https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us"
- ]
- },
- "uuid": "7cea7746-1f2d-321a-3fbf-044d451350b6",
- "value": "Maze"
 }
 ],
- "version": 72
+ "version": 71
 }

From 90bc6679888857a5088fbd21a6bc5c6083ad1f9a Mon Sep 17 00:00:00 2001
From: rmkml
Date: Thu, 21 Nov 2019 00:57:50 +0100
Subject: [PATCH 3/3] Add Maze Ransomware

---
 clusters/ransomware.json | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 90273df..ca6023b 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -13556,7 +13556,20 @@
 },
 "uuid": "6cea5546-1e2c-333a-4faf-033d461360b5",
 "value": "Desync"
+ },
+ {
+ "description": "Maze Ransomware encrypts files and makes them inaccessible while adding a custom extension containing part of the ID of the victim. The ransom note is placed inside a text file and an htm file. There are a few different extensions appended to files which are randomly generated.",
+ "meta": {
+ "encryption": "ChaCha20 and RSA",
+ "refs": [
+ "https://malpedia.caad.fkie.fraunhofer.de/details/win.maze",
+ "https://www.bleepingcomputer.com/news/security/maze-ransomware-now-delivered-by-spelevo-exploit-kit/",
+ "https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us"
+ ]
+ },
+ "uuid": "7cea8846-1f3d-331a-3ebf-055d452351b6",
+ "value": "Maze"
 }
 ],
- "version": 71
+ "version": 72
 }
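Review bot: The `meta` object of the Maze entry carries only `encryption` and `refs`, although the description states that a ransom note is written as a text file and an htm file and that a custom extension is appended. Those are the observables a responder would match on, and prose in `description` is not machine-searchable. Consider recording them in structured keys, e.g. `"ransomnotes-filenames": ["<note filename from the cited reports>"]`, taking the values from the three references rather than from memory. The last description sentence is also ambiguous about what is randomly generated; `The appended extensions are randomly generated and differ between infections.` would read more clearly if that is what the sources say. The surrounding entries are outside the hunk, so the exact key names should be checked against them.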