Security Articles

Catching a Human-Operated Maze Ransomware Attack In Action

released on 2020-08-13 @ 06:50:21 PM
Maze ransomware is one of the most widespread ransomware strains currently in the wild and is distributed by a number of capable actors. Sentinel Labs discovered a Maze affiliate deploying tailor-made persistence methods before delivering the ransomware. The actor appears to have used a stolen certificate to sign its Beacon stager. As in other attacks, the actor used an HTA payload as an interactive shell, which Sentinel Labs was able to catch live and deobfuscate.