[TLP:WHITE] Joint CSA: North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector

Event ID: 4516
UUID: 704d14e0-3a68-46a2-9b20-88a781463250
Creator org: CIRCL
Owner org: LUNCHBOX
Creator user: admin@admin.test
Protected Event (experimental): Event is in unprotected mode.
Tags: type:OSINT, osint:lifetime="perpetual", osint:certainty="50", tlp:white, misp-galaxy:malpedia="Maui Ransomware", target:healthcare, dnc:malware-type="Ransomware", enisa:nefarious-activity-abuse="ransomware", ecsirt:malicious-code="ransomware", malware_classification:malware-category="Ransomware", veris:action:malware:variety="Ransomware", Ransomware, ms-caro-malware:malware-type="Ransom", ms-caro-malware-full:malware-type="Ransom"
Date: 2022-07-06
Threat Level: High
Analysis: Initial
Distribution: All communities
Published: Yes (2022-11-01 06:55:19)
#Attributes: 27 (6 Objects)
First recorded change: 2022-07-08 12:10:34
Last change: 2022-10-27 08:45:31
Sightings: 0 (0) – restricted to own organisation only.


Related Events

abuse.ch: MalwareBazaar malware samples for 2022-07-07
2022-07-07 (6)


Galaxies

Ransomware 

  •  Maui ransomware   

Country 

  •  north korea   


Date | Org | Category | Type | Value | Tags | Galaxies | Comment | Correlate | Related Events | Feed hits | IDS | Distribution | Sightings | Activity | Actions
2022-07-11 | Object name: file | Distribution: Inherit
  2022-07-11 | Payload delivery | filename:filename | maui.key | Comment: RSA public key | Distribution: Inherit | Sightings: (0/0/0)

2022-07-11 | Object name: file | Distribution: Inherit
  2022-07-11 | Payload delivery | filename:filename | aui.exe | Distribution: Inherit | Sightings: (0/0/0)

2022-07-11 | Object name: file | Distribution: Inherit
  2022-07-11 | Payload delivery | filename:filename | maui.log | Comment: contains output from Maui execution | Distribution: Inherit | Sightings: (0/0/0)

2022-07-11 | Object name: file | Distribution: Inherit
  2022-07-11 | Payload delivery | filename:filename | maui.evd | Comment: RSA private key | Distribution: Inherit | Sightings: (0/0/0)

2022-07-11 | Object name: file | Distribution: Inherit
  2022-07-11 | Payload delivery | sha256:sha256 | 5b7ecf7e9d0715f1122baf4ce745c5fcd769dee48150616753fec4d6da16e99e | Related Events: 4061 | Distribution: Inherit | Sightings: (0/0/0)
  2022-07-11 | Payload delivery | filename:filename | maui.exe | Distribution: Inherit | Sightings: (0/0/0)

2022-07-08 | Object name: report | Distribution: Inherit
  2022-07-08 | External analysis | link:link | https://www.cisa.gov/uscert/ncas/alerts/aa22-187a | Distribution: Inherit | Sightings: (0/0/0)
  2022-07-08 | External analysis | link:link | https://www.cisa.gov/uscert/sites/default/files/publications/aa22-187a-north-korean%20state-sponsored-cyber-actors-use-maui-ransomware-to-target-the-hph-sector.pdf | Distribution: Inherit | Sightings: (0/0/0)
  2022-07-08 | Other | summary:text | Since May 2021, the FBI has observed and responded to multiple Maui ransomware incidents at HPH Sector organizations. North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services—including electronic health records services, diagnostics services, imaging services, and intranet services. In some cases, these incidents disrupted the services provided by the targeted HPH Sector organizations for prolonged periods. The initi | Distribution: Inherit | Sightings: (0/0/0)
  2022-07-08 | Other | type:text | Alert | Distribution: Inherit | Sightings: (0/0/0)
  2022-07-08 | External analysis | report-file:attachment | aa22-187a-north-korean state-sponsored-cyber-actors-use-maui-ransomware-to-target-the-hph-sector.pdf | Distribution: Inherit | Sightings: (0/0/0)